3

We have a rule in my company that all PC drives must be encrypted with BitLocker, including laptops.

My own Windows 8 laptop has a tendency to hang at shutdown, black screen but the computer never stops (once waited for 30 minutes to no avail). I'd say it happens 25% of the time on average. The problem is, I then have to stop it manually and when it reboots I get the "BitLocker blue screen of death" asking me to enter the recovery key.

If I have the key at hand everything then goes back on track, but I'm carrying this computer around everywhere I go, including places I don't have access to my company's network where the key is stored.

I understand the recovery key can be used to decrypt the drive, so I imagine it is not safe to have it with me all the time. I'm tempted to store it on my cell phone though, because if the laptop fails on me in the middle of nowhere/abroad/at a client's/on a train I have no other choice except calling someone at the office to give me the key - which I don't know if they'll be willing to do.

How can I deal with that problem? Is BitLocker really a reliable option for a mobile device considering potential hardware failings (especially in an SSD drive)?

5
  • 3
    Fix the crash issue ?
    – Stephane
    Commented Mar 5, 2014 at 9:15
  • 1
    Not an answer to your problem, but I'll say that I moved away from BitLocker for this very reason. Starting your laptop in a customer's datacentre which took 20 mins to get into, only to have it do the BitLocker blue screen of death was not fun! You could look at self-encrypting SSDs as an option.
    Commented Mar 5, 2014 at 9:27
  • @Stephane I'm currently looking into this, but just because I find what the failure is doesn't mean I can easily fix it. Plus, other hardware failures could happen. My question was more general: since BitLocker prevents me from booting when I would otherwise have been able to, can we reasonably say that BitLocker is "fragile"? Is it really a mature technology?
    Commented Mar 5, 2014 at 9:34
  • TrueCrypt isn't a bad alternative. Or PGP FDE if you want a more enterprisey solution.
    – Polynomial
    Commented Mar 5, 2014 at 10:38
  • TrueCrypt can't yet work with Windows 8 and UEFI, if I understand it right.
    Commented Apr 12, 2014 at 21:21

1 Answer

4

What kind of attack are you trying to protect yourself from?

Assuming your only concern is that the data on your lost/stolen laptop will not be readable, then it is OK to carry the recovery key with you. Generally people are very good at securing their wallets; it should be "safe" to keep it on a piece of paper in your wallet.

If you're concerned about being directly threatened to divulge the key then it's obviously a much bigger risk to be carrying the recovery key around.

From a usability perspective though, I would not want to go through the pain of entering the key repeatedly (you mention it's 25% of the time!). Your best move is to solve whatever problem is hanging your laptop on shutdown.
