Bitlocker To Go help

very_452001 · Feb 7, 2024

Hi,

Does Bitlocker use the same recovery key for both the Internal fixed hard drive and external USB drives or they get a separate recovery key each after encryption?

Lets say I encrypt a exFat USB Flash Pen Drive with Bitlocker To Go. Can I use that encrypted USB drive on another/system or computer such as MAC, Linux or another Windows Home OS and decrypt it on that another system by just entering my password or do I need to import recovery keys on that system to recognise the usb drive or it wont work at all or only works on Windows Pro OS or only on my system/computer (not portable)?

Thanks,

neemobeer · Feb 8, 2024

Each volume will have it's own recovery key including B2G

very_452001 · Feb 8, 2024

neemobeer said:
Each volume will have it's own recovery key including B2G

Okay as long I don't forget the password then I don't need the recovery key basically yeah?

Ok what about using B2G encrypted USB drives on other computers apart from my own? The other computers, macs, linux systems has to have Bitlocker installed on them to recognise my bitlocker encrypted usb drive and can be decrypted just by a password, no need to import recovery keys?

neemobeer · Feb 8, 2024

The password is sufficient to decrypt on any OS. There are tools available to mount Bitlocker encrypted drives including B2G

very_452001 · Feb 8, 2024

neemobeer said:
The password is sufficient to decrypt on any OS. There are tools available to mount Bitlocker encrypted drives including B2G

Which encryption Algorithm you recommend to go with in B2G that has the best compatibility and is the fastest for external drives?

So what Tools do I need and if those other computers/systems don't have these tools then you saying I cant mount my encrypted external drives on those other systems? Does Apple Mac for example support Microsoft Bitlocker?

very_452001 · Feb 17, 2024

Hi can anyone please advise to my last post?

Comport Colin · Feb 19, 2024

Nothing could go wrong with any of the encr. algorithms.
As for "the fastest" - do your own benchmarks. I guess nobody will ever have cared since BL2Go is a niche product and no longer supported.
I don't think switching from (default) "XTS_AES128" to "aes128" will make a difference.

very_452001 · Feb 19, 2024

Comport Colin said:
As for "the fastest" - do your own benchmarks. I guess nobody will ever have cared since BL2Go is a niche product and no longer supported.

Hi you mean BL2Go is obsolete no longer supported by Microsoft?
So will I be able to mount a BL2Go Encrypted USB drive on a Linux system & a Mac system?

Comport Colin said:
I don't think switching from (default) "XTS_AES128" to "aes128" will make a difference.

XTS is exclusive to Bitlocker?

neemobeer · Feb 19, 2024

AES XTS is not unique to Bitlocker or Microsoft. It is an IEEE standard. Bitlocker To Go is not unsupported either. I can't speak to Mac but on Linux you can use dislocker to mount bitlocker encrypted volumes.

hsehestedt · Feb 19, 2024

I believe that there may have been some confusion in earlier posts between the very similar terms "Windows To Go" and "BitLocker To Go". It is true that "Windows To Go" is no longer supported, however "BitLocker To Go" is very much supported!

BitLocker To Go is the term used when BitLocker is used to encrypt external storage such as a USB HDD, SSD, or flash drive.

By default, BitLocker will encrypt your drive using XTS-AES 128 encryption. I would suggest leaving this as is unless you have a very specific reason to change it.

As for speed, this should be VERY fast because on any modern hardware, BitLocker uses the hardware encryption capabilities of your CPU.

I have a very fast thumbdrive on which I have BitLocker enabled and I can easily WRITE to that drive, while encrypting the data with BitLocker, at around 550 MB/s.

On other Windows machines, you need no utilities whatsoever to decrypt the drive - the capability to read from a BitLocker encrypted drive is baked into the OS. Just supply the password. I have no experience trying to use a drive encrypted with BitLocker on any other OS (I am a Windows only kind of guy), so I'll leave answers to that question to others .

EDIT: A quick web search tells me that at least on a MAC, third-party utils are available:

"Since BitLocker is not natively supported on macOS, you’ll need to download a third-party application called macOS BitLocker Reader."

very_452001 · Feb 19, 2024

hsehestedt said:
On other Windows machines, you need no utilities whatsoever to decrypt the drive - the capability to read from a BitLocker encrypted drive is baked into the OS. Just supply the password. I have no experience trying to use a drive encrypted with BitLocker on any other OS (I am a Windows only kind of guy), so I'll leave answers to that question to others .

Okay many thanks. To confirm it will work on any windows that are not the 'Pro' versions? I ask because you only find Bitlocker in Pro versions of windows.

Work on Windows XP and Windows 7?

hsehestedt · Feb 19, 2024

I know for a fact that you can read a BitLocker encrypted drive even on the Home edition. My guess is that you can probably write to it as well, but that you simply cannot initialize a drive with BitLocker on the Home edition. You will have to test that to confirm.

As for XP and Win 7, maybe someone else can comment. Since Windows 7 and XP are long dead OSes (even extended support for 7 is gone), I put zero effort into looking for solutions on either of those OSes

.

neemobeer · Feb 19, 2024

I would say it might work in XP or 7 but only with the older AES encryption methods. XTS-AES is definitely not supported even in Windows 8/8.1 I believe. My reply to questions about EoL operating systems will very repetitively be "Upgrade to a supported OS"

hsehestedt · Feb 19, 2024

@neemober caused me to recall something I am embarressed to have forgotten about:

If you BitLocker encrypt a drive on current versions of Windows 10 or any version of Windows 11, one of the screens you get is this:

So, neemober is 100% correct. XTS-AES is only suitable for current versions of Windows, but the good news is that if you encrypt using the wizard, it will give you a choice as the above screen clearly shows. You may want to test this, but I would think that you would be good to go if you choose this option. I tried this and I see that the method used to encrypt with this option is AES 128.

Comport Colin · Feb 20, 2024

...confusion in earlier posts between the very similar terms "Windows To Go" and "BitLocker To Go". It is true that "Windows To Go" is no longer supported, however "BitLocker To Go" is very much supported!

Exactly, sorry for the confusion. Windows2Go is no longer supported and thus, bitlocking Windows2Go as well, while Bitlocker2Go remains supported. Of course, Windows2Go still works, even with newer windows versions there are ways to set it up and I still use it myself.

very_452001 · Feb 20, 2024

Is AES much slower than XTS-AES?

Most computers around the world still using windows XP or Windows 7.

Comport Colin · Feb 20, 2024

As said, for compatibility, you should use the compatible mode, as depicted. Since you want it to work on older OS', you have no choice.

hsehestedt · Feb 20, 2024

very_452001 said:
Is AES much slower than XTS-AES?

Most computers around the world still using windows XP or Windows 7.

As Comport Colin noted, you really have no choice if you want to be compatible with older OSes. That said, as I noted before, speed is not an issue anyway. Encryption is done in hardware these days so speed is not any issue.

Also, asserting that "Most computers around the world still using windows XP or Windows 7" is pure fiction. Not even anywhere near reality. Here is the current market share (as of February 2024). Note that some sources may give slight variations to this, but this is a good ballpark:

Windows 10: 66.45%
Windows 11: 27.83%
Windows 7: 3.06%
Windows 8.1: 1.74%
Windows XP: 0.57%
Windows 8: 0.26%