BitLocker To Go: autounlock key protection
I would like to ask a question about BitLocker To Go. I know that there is a feature "Autounlock". If you turn it on, then a key is created and stored in the registry under the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\FveAutoUnlock\ key. My question is, how is that key in the registry protected? If the system drive is not encrypted, then anyone can find that key in the user's registry file.
January 10th, 2010 8:12pm

Hi,

Actually, the registry key can only be modified by the current user. After switching to another user account, "HKEY_CURRENT_USER" is also switched to the other user account. The current user's registry is switched under "HKEY_USERS\S-1-5-XX", and the other user does not have enough permission to modify it.

For more information about registry keys, please refer to the following article: Windows registry information for advanced users

Thanks,
Novak
January 12th, 2010 10:19am

If you are an administrator or connect this disk to another computer, then you get access to that registry. I am curious if just that registry key is enough to unlock the drive. Is the key in the registry at least somehow modified (encrypted) by the user's password?
January 12th, 2010 2:27pm

First, I would like to explain that the registry key only exists after using the "Autounlock" feature. After enabling the feature, the user information is saved in the key as binary data which is used to unlock the drive on the machine. If you remove the registry key, the "Autounlock" feature will be removed and you need to re-type the password when plugging in the drive again. The key does not contain any password, and it can only be modified by the current user and an administrator. If you log off and switch to another limited user, the key cannot be modified. Meanwhile, the locked drive is not protected by the registry; it depends on TPM hardware.

For more information about BitLocker, please refer to the following article: Bitlocker

Thanks,
Novak
January 13th, 2010 6:30am

I am sorry, but this is not what I was asking for. I will try to write my problem once more: I have two disks (a system disk and a portable disk). The system disk is not encrypted. I use BitLocker To Go for encrypting the portable disk. I will use a password for encryption. When encryption is done, I unlock the portable disk and turn on the autounlock feature. Now if I use manage-bde I can see that there is a new protector for the portable disk. The new protector is a key, which can be found in the registry. The case: Some hacker will get to my disk. He will get the system disk to his computer and find the stored key for the portable disk. The question is: Does he already have all the information needed for unlocking the portable disk?

I think that the key in the registry is not stored in "plain text" but is somehow dependent on the user's password. It should be the same as with EFS certificates. These certificates are also stored on disk, but they are encrypted by the user's password. Otherwise this EFS security would be useless.
January 20th, 2010 11:49am
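The risk the original poster describes, auto-unlock material living in the user's registry hive on an unencrypted system drive, is easy to audit on a machine. The script below is an added example, not code from the thread or from Microsoft. It assumes the BitLocker PowerShell module (Windows 8 / Server 2012 and later, for Get-BitLockerVolume) and an elevated session; the registry path is the one named in the question, and the "ExternalKey" protector type is what manage-bde lists as "External Key" for auto-unlocked data volumes.

```powershell
# Added example (not from the thread): audit whether BitLocker To Go auto-unlock
# entries exist for the current user and whether the OS volume that stores that
# registry hive is itself BitLocker-protected. Assumes the BitLocker module
# (Get-BitLockerVolume) and an elevated PowerShell session.

$autoUnlockPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\FveAutoUnlock'

# 1. Enumerate auto-unlock entries (one subkey per auto-unlocked volume).
$entries = @()
if (Test-Path -Path $autoUnlockPath) {
    $entries = @(Get-ChildItem -Path $autoUnlockPath | ForEach-Object {
        [pscustomobject]@{
            VolumeId   = $_.PSChildName
            ValueNames = ($_.GetValueNames() -join ', ')
        }
    })
}

# 2. Find the OS volume: the user's NTUSER.DAT hive lives on it, so its
#    protection status decides whether the entries above are readable offline.
$osVolume = Get-BitLockerVolume | Where-Object { $_.VolumeType -eq 'OperatingSystem' } |
            Select-Object -First 1

# 3. Report the combination the thread worries about.
if ($entries.Count -eq 0) {
    Write-Output 'No BitLocker To Go auto-unlock entries found for the current user.'
} else {
    Write-Output ("Found {0} auto-unlock entry(ies) under {1}:" -f $entries.Count, $autoUnlockPath)
    $entries | Format-Table -AutoSize | Out-String | Write-Output

    if ($null -eq $osVolume) {
        Write-Warning 'Could not identify the OS volume; check manually with manage-bde -status.'
    } elseif ($osVolume.ProtectionStatus -ne 'On') {
        Write-Warning ("OS volume {0} is NOT BitLocker-protected: the auto-unlock data above sits " +
                       "in a hive that anyone holding the disk can read offline." -f $osVolume.MountPoint)
    } else {
        $protectors = ($osVolume.KeyProtector.KeyProtectorType -join ', ')
        Write-Output ("OS volume {0} is BitLocker-protected (protectors: {1})." -f $osVolume.MountPoint, $protectors)
    }
}

# 4. List data volumes whose protector set includes an external key, which is
#    what enabling auto-unlock adds (shown as "External Key" by manage-bde).
Get-BitLockerVolume | Where-Object { $_.VolumeType -eq 'Data' } | ForEach-Object {
    $types = @($_.KeyProtector.KeyProtectorType)
    $auto  = if ($types -contains 'ExternalKey') { 'auto-unlock protector present' } else { 'no auto-unlock protector' }
    Write-Output ("Data volume {0}: protection={1}; protectors={2}; {3}" -f $_.MountPoint, $_.ProtectionStatus, ($types -join ', '), $auto)
}
```

Run it as the user whose auto-unlock settings you want to inspect; HKCU is per-user, so other accounts' entries are not shown. A warning from step 3 is the configuration the thread is asking about, and the usual mitigation is to protect the OS volume with BitLocker as well rather than to rely on registry ACLs, which do not apply once the disk is read offline.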
