Windows7 and BitLocker

[TechieSooner]

So, it says you have to either have a TPM in the notebook, or a flash drive, according to the help pages.

Well, my notebook does not have a TPM device. Thus, seems like a Flash Drive is my only option. Yet the problem with that is that when trying to enable BitLocker, it ALWAYS checks for TPM. If it truly could use a Flash Drive, my guess is it'd ask me where it was or SOMETHING, but it just takes me straight to the error about TPM not being on my system.

Anyone seen this or have ideas?

 

[rflcptr]

Yes.

gpedit.msc -> Administrative Templates -> Windows Components -> BitLocker Drive Encryption -> Operating System Drives -> Require additional authentication at startup -> "Enabled"

 

[heatlesssun]

I just encrypted a USB stick using password encryption and it worked without issue. No TPM on my system either.

 

[heatlesssun]

Yes.

gpedit.msc -> Administrative Templates -> Windows Components -> BitLocker Drive Encryption -> Operating System Drives -> Require additional authentication at startup -> "Disabled"

Thanks for the info, I just checked those and they are not configured by default so unless there's something that was changed I'm not sure why his would have been set.

 

[rflcptr]

I was mistaken. The setting should be "Enabled" and I've edited my prior post to reflect this.

 

[TechieSooner]

I just encrypted a USB stick using password encryption and it worked without issue. No TPM on my system either.

Well I was wanting to enable the whole disk encryption...

I use TrueCrypt on XP/Vista, but on Win7 it's not compatible yet because of the 100MB partition Windows 7 forces you to create for BitLocker...

Yes.

gpedit.msc -> Administrative Templates -> Windows Components -> BitLocker Drive Encryption -> Operating System Drives -> Require additional authentication at startup -> "Enabled"

Sweet. I'll try this tonight then.

 

[rflcptr]

Found something else:

gpedit.msc -> Administrative Templates -> Windows Components -> BitLocker Drive Encryption -> Choose drive encryption method and cipher strength

If this is left at default, AES 128-bit encryption is used. You can set it to "Enabled" and then set AES 256-bit as the encryption method. Hell of a lot more key possibilities for a brute force attacker to choose from.

edit:
1.1579 x 10^77 KP vs 3.4028 x 10^38 KP

 

[heatlesssun]

Did you allow for that 200 MB partition when you installed 7?

 

[TechieSooner]

Did you allow for that 200 MB partition when you installed 7?

Yes I did, I don't think there's anyway you can get around that... It's just forced.

 

[gigabyte1024]

Yes I did, I don't think there's anyway you can get around that... It's just forced.

When installing to a second partition (ie dual boot) I haven't seen Win 7 create that 200 MB partition.

 

[TechieSooner]

When installing to a second partition (ie dual boot) I haven't seen Win 7 create that 200 MB partition.

That could be... I don't dualboot though...

 

[rflcptr]

When installing to a second partition (ie dual boot) I haven't seen Win 7 create that 200 MB partition.

When booted into Win7, what does the Disk Management utility reveal?