Score:0

Is Bitlocker automatic unlock not safe?


I don't get how the "automatically unlock" BitLocker feature works on Windows 10. I have a main SSD with the OS installed on it that's encrypted with BitLocker, and another drive encrypted with BitLocker that automatically unlocks itself at boot.

I read in the documentation that a drive set to unlock automatically "can be unlocked only when the main OS drive is locked with BitLocker too". That makes it look like it can be unlocked by any other main OS drive encrypted with BitLocker, not only by my own main OS drive. Does this then mean that I can put my data drive in another PC using BitLocker (on the main OS drive) and it will automatically unlock there too?

This wouldn't make any sense at all to me, but it looks like so. There is no indication that the pair "OS drive" and "automatically unlocked drive" is unique and tied together in some way. Is it unsafe, then, to unlock the drive automatically? Is there any safer way to lock it?

`Does this then mean that i can put my data drive on another PC using bitlocker (on the main OS drive) and it will again automatically unlock there too? This wouldn't make any sense at all to me but it looks like so.` No it does not.
tsc_chazz
To expand on Greg Askew: though there is no indication, it is still true that the unique key to the "automatically unlocked" drive is buried in the OS drive.
Score:1

Does this then mean that i can put my data drive on another PC using bitlocker (on the main OS drive) and it will again automatically unlock there too?

No, because the other PC can't guess the decryption key.

In fact, when you enable auto-unlock, BitLocker stores a key specifically for this data drive somewhere on the main OS volume; Windows later uses this key to unlock the data drive.

Windows is able to auto-unlock the data drive because the key it needs to unlock this data drive is stored on the main OS volume.

So a random computer will not be able to auto-unlock your data drive, because that computer will not have the key it needs to auto-unlock the drive on its OS volume.

That's what the documentation says:

You can configure BitLocker to unlock mounted data volumes automatically during startup, without human interaction. BitLocker accomplishes this by encrypting a data volume's volume master key with an external wrapping key, and then storing a plaintext copy of the external wrapping key in the registry of the encrypted operating system volume

tasty_tortilla
Holy! Thanks so much, I was interpreting the doc very badly!
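The mechanism the answer describes can be checked from the machine itself. The following is an added example, not code from the thread or from Microsoft's documentation; it assumes an elevated PowerShell session on the PC that owns the drives, that the OS volume is the system drive and that the data volume is mounted as `D:` (change `$DataDrive` for your layout). It verifies the precondition (OS volume protected), lists the key protectors on the data volume before and after enabling auto-unlock, and makes sure a recovery password exists so the data drive can still be opened from another PC, which is the case auto-unlock does not cover.

```powershell
#Requires -RunAsAdministrator
# Added example, not part of the original thread.
# Assumptions: OS volume = $env:SystemDrive, auto-unlocked data volume = D:
Import-Module BitLocker

$OsDrive   = $env:SystemDrive   # e.g. "C:"
$DataDrive = "D:"               # assumption: your data volume

# 1. Auto-unlock is only permitted when the OS volume is itself protected,
#    because the wrapping key for D: will be stored inside that volume.
$os = Get-BitLockerVolume -MountPoint $OsDrive
if ($os.ProtectionStatus -ne 'On') {
    throw "OS volume $OsDrive is not protected by BitLocker; auto-unlock cannot be enabled."
}
"OS volume $OsDrive protectors: " + (($os.KeyProtector.KeyProtectorType) -join ', ')

# 2. What unlocks the data volume today?
$data = Get-BitLockerVolume -MountPoint $DataDrive
"$DataDrive AutoUnlockEnabled = $($data.AutoUnlockEnabled)"
$data.KeyProtector | Format-Table KeyProtectorType, KeyProtectorId -AutoSize

# 3. Keep a recovery password on the data volume before relying on auto-unlock.
#    Without it, a reinstall of Windows (or moving the drive to another PC)
#    leaves no way to open the drive, since the only other key lives on C:.
$hasRecovery = $data.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
if (-not $hasRecovery) {
    Add-BitLockerKeyProtector -MountPoint $DataDrive -RecoveryPasswordProtector | Out-Null
}
(Get-BitLockerVolume -MountPoint $DataDrive).KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    Select-Object -ExpandProperty RecoveryPassword   # record this somewhere safe

# 4. Enable auto-unlock. This adds an ExternalKey protector to the data volume;
#    the key that satisfies it is written to the OS volume's registry.
Enable-BitLockerAutoUnlock -MountPoint $DataDrive
(Get-BitLockerVolume -MountPoint $DataDrive).KeyProtector |
    Where-Object KeyProtectorType -eq 'ExternalKey' |
    Format-Table KeyProtectorType, KeyProtectorId -AutoSize

# 5. To undo it (the stored key is removed and D: will prompt again):
#    Disable-BitLockerAutoUnlock -MountPoint $DataDrive
```

On another PC, or after a reinstall, the same drive can only be opened with `Unlock-BitLocker -MountPoint D: -RecoveryPassword <the 48-digit password>`, which is exactly why step 3 matters. One caveat worth keeping in mind, given the documentation quote in the answer: because the wrapping key sits in the registry of the OS volume, the data drive is protected no more strongly than the OS drive is. If C: is unlocked by TPM alone, then D: is too; a TPM+PIN protector on the OS drive raises the bar for both.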