• Re: Microsoft gave FBI a set of Bitlocker keys to unlock suspects' lapt

    From Paul@3:633/10 to All on Saturday, January 24, 2026 14:07:22
    Subject: Re: Microsoft gave FBI a set of Bitlocker keys to unlock suspects' laptops

    On Sat, 1/24/2026 12:20 PM, Alan K. wrote:
    On 1/24/26 10:02 AM, Mr. Man-wai Chang wrote:
    On 24/1/2026 10:58 pm, Mr. Man-wai Chang wrote:
    On 24/1/2026 10:21 pm, CrudeSausage wrote:

    What is the point of encryption if Microsoft can unlock any of your
    computers whenever it feels like it?
    Actually.... I always wonder:

    1. Is Bitlocker just a password prompt? :)
    2. Does Bitlocker really encrypt the whole drive?
    3. If (2) is true, is the encryption using user-supplied
       password as a mask? Or is it using a standard mask?

    If the encryption is using a standard mask, not surprising that FBI can
    decrypt any Bitlocker drives. :)
    And ....

    4. Is the Bitlocker password stored in the drive?
       And the recovery key as well?
       Both recoverable by Micro$oft? :)

    And ....
    Is there a substitute for Bitlocker? What if I don't want to use it, but still want encryption?


    That would be Veracrypt, the successor to the compromised Truecrypt.

    https://en.wikipedia.org/wiki/VeraCrypt

    https://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software

    The Truecrypt dev signaled that law enforcement had been for
    a visit, and not to use it.

    The white space on C: has plaintext copies of things you have
    been editing, so one option is to Veracrypt the entire C: .
    That covers the leakage aspect of C: in Windows.

    You should not keep, say, a single encrypted ZIP archive, because
    when you work with it, you leave crap on the disk. An application
    like Heidi Eraser can help with leakage, but C: leaks like a sieve
    and you should be prepared to do experiments to see if an item has
    leaked or not. Encrypting the entire C: is a bit better, in that
    then you are not relying on Heidi Eraser to be a bulletproof solution.

    You do not want the running OS to be watching you while you set
    up the encryption, so you could do some of that offline. Test
    with a separate HDD with the Windows cloned onto it, that your
    knowledge of how to do these things, is solid, before doing it
    to your daily driver. Maybe there is some way to use GRUB to
    unlock the volume, then chain-boot the decrypted Windows.

    When you boot, some partition has to be plaintext to support
    the graphical dialog of the tool that will ask for the password.
    But that partition is not for personal file storage, and that
    partition really should not be getting modified all that often.

    You can also encrypt the entire drive, but that requires
    a prompt come from somewhere to unlock it. All storage
    devices have FDE (Full Disk Encryption), but we do not
    know the extent to which this is compromised for law enforcement.
    The first generation of hard drive to have FDE, there was a problem
    with the FDE, but any modern disks should be OK. Microsoft on Windows 11 Home, would be using FDE, rather than Bitlocker-without-Elephant-Diffuser.
    In fact, your disk right now could already be encrypted with FDE.

    manage-bde -status # Admin window

    Encryption is a write-once read-never technology, so be absolutely
    sure it is worth it to be doing this. You could get up tomorrow morning,
    turn on the computer, enter the Veracrypt password and receive
    "volume not found" or similar. Think about the enhanced failure
    modes while using cryptography. Just turning off the power in the
    middle of a session, could ruin it (Windows itself, can typically
    survive that). Is it journaled ? Does it have
    functional recovery ? And so on. Nothing here is encrypted :-)
    I have enough trouble as it is. I don't even know how
    to set these things up (you can tell from the text above :-) ).

    Most of the lightweight methods, are for preventing casual snooping,
    rather than for keeping out a policeman. You would need to read
    the stories about journalists who worked with others via encrypted communications, as to how they protect their assets at home. A journalist
    was in the news a couple days ago, for having all of their possessions
    swept up in a witch hunt. And that will be a test of their cryptography
    and their skill set.

    Paul



    --- PyGate Linux v1.5.5
    * Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)
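
    Added example, not part of Paul's post: `manage-bde -status` as mentioned above reports whether a volume is encrypted; the PowerShell below pulls the same facts per volume, flags when BitLocker has handed encryption to the drive's own hardware, and lists which key protectors (including any recovery password) exist. The function name Get-VolumeEncryptionReport is made up for this example; Get-BitLockerVolume is the cmdlet from Windows' BitLocker module and needs an elevated session.

```powershell
# Added example: run in an elevated ("Admin") PowerShell window on Windows.
function Get-VolumeEncryptionReport {
    [CmdletBinding()]
    param()

    foreach ($vol in Get-BitLockerVolume) {
        # Each key protector is one independent way to unwrap the volume key
        # (TPM, PIN, password, numeric recovery password, external key, ...).
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

        [pscustomobject]@{
            MountPoint          = $vol.MountPoint
            VolumeStatus        = $vol.VolumeStatus
            ProtectionStatus    = $vol.ProtectionStatus
            EncryptionMethod    = $vol.EncryptionMethod
            # 'HardwareEncryption' means BitLocker is relying on the drive's
            # built-in encryption instead of encrypting in software.
            HardwareOffload     = ($vol.EncryptionMethod.ToString() -eq 'HardwareEncryption')
            # A recovery password is the 48-digit key that can unlock the
            # volume without the TPM or the user's PIN/password.
            HasRecoveryPassword = ($types -contains 'RecoveryPassword')
            KeyProtectors       = ($types -join ', ')
        }
    }
}

Get-VolumeEncryptionReport | Format-Table -AutoSize
```

    The report only shows which protectors exist on the volume; it cannot show whether a copy of a recovery password has been stored anywhere off the machine.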
  • From Bill Brownley@3:633/10 to All on Saturday, January 24, 2026 19:56:25
    Subject: Re: Microsoft gave FBI a set of Bitlocker keys to unlock suspects' laptops

    Alan K. wrote:

    And ....
    Is there a substitute for Bitlocker? What if I don't want to use it,
    but still want encryption?

    Yes, lots. <https://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software>


    [Removed ???'s crosspost to alt.conspiracy]

  • From CrudeSausage@3:633/10 to All on Saturday, January 24, 2026 23:39:50
    Subject: Re: Microsoft gave FBI a set of Bitlocker keys to unlock suspects' laptops

    On Sat, 24 Jan 2026 19:56:25 -0000, Bill Brownley wrote:

    Alan K. wrote:

    And ....
    Is there a substitute for Bitlocker? What if I don't want to use it,
    but still want encryption?

    Yes, lots. <https://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software>


    [Removed ???'s crosspost to alt.conspiracy]

    It seems that just about every solution there would be safer than
    Microsoft's, but I imagine that VeraCrypt remains the most popular alternative. Does VeraCrypt work if you intend to use a storage device's
    OPAL hardware encryption?

    --
    CrudeSausage
    John 14:6
    Isaiah 48:16
    Pop_OS!

  • From Paul@3:633/10 to All on Saturday, January 24, 2026 22:06:54
    Subject: Re: Microsoft gave FBI a set of Bitlocker keys to unlock suspects' laptops

    On Sat, 1/24/2026 6:39 PM, CrudeSausage wrote:
    On Sat, 24 Jan 2026 19:56:25 -0000, Bill Brownley wrote:

    Alan K. wrote:

    And ....
    Is there a substitute for Bitlocker? What if I don't want to use it,
    but still want encryption?

    Yes, lots.
    <https://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software>


    [Removed ???'s crosspost to alt.conspiracy]

    It seems that just about every solution there would be safer than Microsoft's, but I imagine that VeraCrypt remains the most popular alternative. Does VeraCrypt work if you intend to use a storage device's OPAL hardware encryption?


    There is no mention of that topic here.

    https://en.wikipedia.org/wiki/VeraCrypt

    You will find in the software world, a general distrust of "punting"
    to someone else's implementation :-) "What would Linus Torvalds say?" :-)

    https://en.wikipedia.org/wiki/Opal_Storage_Specification

    "Radboud University researchers indicated in November 2018 that some
    hardware-encrypted SSDs, including some Opal implementations,
    had security vulnerabilities.[5]

    [5] Meijer, Carlo; van Gastel, Bernard (19–23 May 2019).
    Self-Encrypting Deception: Weaknesses in the Encryption of
    Solid State Drives. 2019 IEEE Symposium on Security and Privacy (SP).
    San Francisco, CA, USA: IEEE. pp. 72–87.
    "

    The advantage of software based methods, is that, as they are
    cracked, you can just toss them out of the crypto-suite. There
    is fast turnaround for correcting a situation.

    Just as right now, SHA-512 is being popularized, as quantum computer chill appears on the horizon. Like MD5, the warnings appear ahead of the actual attack. And while you sit there sipping a coffee, there are people
    beavering away on hardened algorithms to withstand quantum attack.

    Paul

  • From CrudeSausage@3:633/10 to All on Sunday, January 25, 2026 14:19:05
    Subject: Re: Microsoft gave FBI a set of Bitlocker keys to unlock suspects' laptops

    On Sat, 24 Jan 2026 22:06:54 -0500, Paul wrote:

    On Sat, 1/24/2026 6:39 PM, CrudeSausage wrote:
    On Sat, 24 Jan 2026 19:56:25 -0000, Bill Brownley wrote:

    Alan K. wrote:

    And ....
    Is there a substitute for Bitlocker? What if I don't want to use
    it,
    but still want encryption?

    Yes, lots.
    <https://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software>


    [Removed ???'s crosspost to alt.conspiracy]

    It seems that just about every solution there would be safer than
    Microsoft's, but I imagine that VeraCrypt remains the most popular
    alternative. Does VeraCrypt work if you intend to use a storage
    device's OPAL hardware encryption?


    There is no mention of that topic here.

    https://en.wikipedia.org/wiki/VeraCrypt

    You will find in the software world, a general distrust of "punting"
    to someone else's implementation :-) "What would Linus Torvalds say?" :-)

    https://en.wikipedia.org/wiki/Opal_Storage_Specification

    "Radboud University researchers indicated in November 2018 that some
    hardware-encrypted SSDs, including some Opal implementations,
    had security vulnerabilities.[5]

    [5] Meijer, Carlo; van Gastel, Bernard (19–23 May 2019).
    Self-Encrypting Deception: Weaknesses in the Encryption of Solid
    State Drives. 2019 IEEE Symposium on Security and Privacy (SP).
    San Francisco, CA, USA: IEEE. pp. 72–87.
    "

    It's an old matter. There don't seem to be such vulnerabilities in the
    devices released since then.

    The advantage of software based methods, is that, as they are cracked,
    you can just toss them out of the crypto-suite. There is fast turnaround
    for correcting a situation.

    Just as right now, SHA-512 is being popularized, as quantum computer
    chill appears on the horizon. Like MD5, the warnings appear ahead of the actual attack. And while you sit there sipping a coffee, there are
    people beavering away on hardened algorithms to withstand quantum
    attack.

    For the time being, I'm relying on Linux's built-in encryption. I used it because the hardware encryption is known to cause issues with waking from sleep in Linux.

    --
    CrudeSausage
    John 14:6
    Isaiah 48:16
    Pop_OS!

  • From Bill Brownley@3:633/10 to All on Sunday, January 25, 2026 19:27:24
    Subject: Re: Microsoft gave FBI a set of Bitlocker keys to unlock suspects' laptops

    Paul wrote:

    The Truecrypt dev signaled that law enforcement had been for
    a visit,

    Can you post the evidence for the above, or a link to the evidence?

    and not to use it.

    This much is true, but apparently for other reasons. <https://web.archive.org/web/20140531203620/http://steve.grc.com/2014/05/30/yes-virginia-truecrypt-is-still-safe-to-use/>



  • From Paul@3:633/10 to All on Sunday, January 25, 2026 18:55:37
    Subject: Re: Microsoft gave FBI a set of Bitlocker keys to unlock suspects' laptops

    On Sun, 1/25/2026 3:59 PM, Maria Sophia wrote:
    Bill Brownley wrote:
    Paul wrote:

    The Truecrypt dev signaled that law enforcement had been for
    a visit,

    Can you post the evidence for the above, or a link to the evidence?

    and not to use it.

    This much is true, but apparently for other reasons.
    <https://web.archive.org/web/20140531203620/http://steve.grc.com/2014/05/30/yes-virginia-truecrypt-is-still-safe-to-use/>

    I remember when TrueCrypt signalled "something was amiss" way back when,
    but none of us actually knew what it was (as I recall) so I hate to contradict Paul who is very knowledgeable and extremely helpful, but I know of no public evidence that the TrueCrypt developers ever said 'law enforcement visited us' or anything close to that.

    If an NSL was used, then the evidence of necessity, has to be
    an antipattern. Notice that the switch pull, was rather haphazard.
    Like, running for the hills, when you discover you cut the
    wrong wire while working as the bomb squad. Normally, when
    a developer has put a lot of effort into a project, the
    shutdown would be more gradual and organized.

    https://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not-secure/comment-page-2/

    Paul


