BitLocker Drive Encryption is a feature of Windows Vista Ultimate and Windows Server 2008 that offers full disk encryption at the level of logical volumes (e.g., C:). As it uses AES 128 by default and the only publicly known way to defeat programs like BitLocker or TrueCrypt (if properly configured) is the famous (but easily preventable) cold boot attack, I’d really recommend using it if you are not a follower of the “Microsoft is pure evil” cult. Needless to say, even the strongest disk encryption is only as good as the password or key mechanism you use. In the following, I will describe a little-known option which was introduced with Service Pack 1 for Vista and makes attacks based on keyloggers or stolen USB sticks massively harder.