X
Tech

Bitlocker key to safe disk disposal, says Microsoft

Infosecurity 2006: Vista's disk-encryption technology will keep corporate data secure, even in the rubbish heap - but Microsoft insists criminals won't be able to rest so easy
Written by Tom Espiner, Contributor

Microsoft claims that businesses planning to use Vista together with its Bitlocker hard drive encryption technology will have an easy and safe way to dispose of their hard disks.

The software giant said on Tuesday that Vista will be so secure that businesses will no longer need to worry about data being compromised when sending hard disks to be disposed of, in line with upcoming "green" legislation designed to reduce waste.

"With Vista and Bitlocker, businesses will be able to throw hard disks away and be sure [they are] secure," said Nick McGrath, head of platform strategy for Microsoft UK at Infosecurity 2006.

However, McGrath rejected suggestions that Bitlocker would have backdoors in its encryption that will allow police forces to decrypt information stored on suspect systems.

"The technology itself is 100 percent secure — we will not be producing any backdoors," said McGrath. "There are no backdoors in Bitlocker technology."

Bitlocker encryption uses a Trusted Platform Module (TPM), a chip that sits on the motherboard and contains an encryption key. According to Microsoft technical security advisor Steve Lamb, the key both encrypts and decrypts data on the hard disk using the Advanced Encryption Standard (AES), which is also used by the US government.

Microsoft denied that the encryption technology would enable criminals to store data so securely that it would be out of reach of the police.

"You can always break an encryption algorithm if you throw enough horsepower at it," said Lamb. The security advisor admitted that businesses could be at risk from hackers breaking the encryption, but said the amount of power needed to do that was usually only available to governments.

Choosing a disposal methods for encrypted hard disks would be a policy based decision, Lamb said.

"Using Bitlocker dramatically reduces the risk to data. I don't want to teach anyone to suck eggs, but you've got to ask 'What's my appetite for risk?', and apply the appropriate constraints. Some enterprises may decide it's a low risk, while in a military environment they may decide to smash the TPM to pieces," Lamb told ZDNet UK.

A MessageLabs security expert said that criminals in theory can encrypt data and communicate with a fair degree of assurance using Pretty Good Privacy (PGP) encryption.

"You can do an awful lot with PGP. You can encrypt things in a way that governments would find difficult to decrypt," said Mark Sunner, chief technical officer at mail services company MessageLabs.

Criminals were unlikely to use hard disks to store information, but in theory gangs could use the Internet to host encrypted information.

"It's an interesting argument — because of the Internet 'bad-guy rings' can use these techniques to send information around," said Sunner.

"Another use for a botnet is for hosting information, and it's constantly moving, making it difficult to intercept. Abuse of technology takes on a completely different meaning," Sunner added.

Editorial standards