BitLocker To Go

Monday, November 2, 2009

I had some data on a Cruzer flash drive I wanted to protect, and I just discovered how easy it use to use BitLocker on a flash drive (thanks to Hanselman, who pointed this out in one sentence at the end of a post).

BitLocker is another Windows 7 feature that has been around since Vista, but BitLocker To Go (encryption for removable drives) is new.  I believe it is only available on Win7 Ultimate and Enterprise.

Once the drive is inserted, right-click the drive in Windows Explorer and select “Turn on BitLocker…”. Windows will ask if you want to unlock the drive using a password or a smart card + PIN. I took the password option:

bitlocker to go setup

Encryption can take some time (~ 15 minutes for my 4GB flash drive).Windows will place a BitLocker To Go “reader” application on the drive so you can have read access to files from Vista and XP machines (bitlockertogo.exe). Note: the down-level reader only works if the drive was not formatted with NTFS. It’s interesting to read about how this works:

Getting BitLocker To Go functionality to work on Windows XP and Windows Vista required some reengineering of the core BitLocker feature. To do this, the team refactored the method by which BitLocker protects FAT volumes. BitLocker behavior was modified to overlay a "discovery volume" onto the physical, original volume and virtualize the blocks overwritten. The discovery volume contains the BitLocker To Go Reader as well as a readme file. This is called a Hybrid BitLocker drive. By default, when a FAT drive is encrypted, a hybrid BitLocker drive is created. The discovery drive is visible only on the Windows XP and Windows Vista operating systems.

I always thought encrypting my entire system hard drive was a little bit scary. I like BitLocker To Go because it is built-in, and can protect a removable device where I keep sensitive files.


Comments
abc Monday, November 2, 2009
I like truecrypt, it works on any computer, not only on ultimate windows7.
gravatar Scott Monday, November 2, 2009
TrueCrypt is good, I've used it before, too: http://www.truecrypt.org/

gravatar Sergio Pereira Monday, November 23, 2009
+1 for TrueCrypt. I've been used it for years and since they added full OS X and Linux support, I feel like I'll always be able to open my files when/where needed.
gravatar paper writing Wednesday, March 10, 2010
TrueCrypt, there's no excuse to use anything different. It's secure and it's free, what more could you want?

Tip: it seems that if you have a big codebase and you work with multiple working copies checked out simultaneously, you get much better performance if each working copy is on its own encrypted partition.
gravatar Wade26Barbara Tuesday, September 14, 2010
One understands that humen's life is not cheap, nevertheless we require cash for different things and not every person earns enough money. Thence to get good mortgage loans and just secured loan will be good way out.
Comments are now closed.
by K. Scott Allen K.Scott Allen
My Pluralsight Courses
The Podcast!