News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • BitLocker Keys

    Home Forums Admin IT Lounge BitLocker Keys

    Tagged: 

    Viewing 3 reply threads
    • Author
      Posts
      • #2207951 Reply
        doriel
        AskWoody Lounger

        I would like to ask, if Bitlocker key (48-digit number) is completely pseudo-random number, or is it generated in order to suit my TPM chip?
        Has every TPM chip unique code, so there CANT be two same Bitlocker keys? Or is it just probability, that there SHOULDNT be two same keys (odds are 1 : (10^48-1))

        Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, WX 1809 Enterprise

        HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

      • #2207976 Reply
        mn–
        AskWoody Lounger

        Ahem, I think there might be some confusion between keys and passwords here…

        Has every TPM chip unique code, so there CANT be two same Bitlocker keys?

        Well, since BitLocker can also be made to work without a TPM in some cases, this clearly cannot be guaranteed.

        Also there are always multiple keys that are used on different paths; TPM and the Recovery key are alternative and independent methods to arrive at the VMK. Another method is the User key (which is in turn usually protected by a password encoded in UTF-16).

        (odds are 1 : (10^48-1))

        Where are you getting the 48?

        The recovery password is 128 bits usually presented as encoded into a 48-digit format but most 48-digit numbers aren’t valid passwords. The recovery password is used to decrypt the recovery key, which is 256 bits.

        The VMK might be always 256 bits but the subkeys after that might be shorter. Don’t remember when it’d default to 128-bit final keys.

        The User key is the fun one as the range of possible User passwords greatly exceed the range of possible User keys, except for the part where you usually have to be able to enter them from an US-ASCII keyboard layout 😉

        1 user thanked author for this post.
        • #2208037 Reply
          doriel
          AskWoody Lounger

          I assume, that if the key is 48 digit number, the maximum is 999999….and so on.
          48 nines in a row. For example 999 = 10^3 – 1. Hope you get my logic there 🙂

          Dont know if all combinations are valid, or if there must be some validation (like modulo 13, or something similar).

          Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, WX 1809 Enterprise

          HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

          • #2211575 Reply
            mn–
            AskWoody Lounger

            I assume, that if the key is 48 digit number, the maximum is 999999….and so on.

            Dont know if all combinations are valid, or if there must be some validation (like modulo 13, or something similar).

            … the latter. Not modulo 13 but similar principle – thereby reducing the available password space significantly.

            How is that a relationship? All I’m saying is that we usually assume the encryption keys are unique.

            Because some of the encryption keys can be 128 bit in some circumstances, having an if-then relationship between them would mean that the effective keyspace could be at most that much, instead of the 256 bits it’s supposed to be.

            It’s reasonable to expect that you’ll probably never see a collision in the wild, but in programming jumping from that to an assumption that it can’t happen is a typical way to end up with exploitable vulnerabilities – once you have a hacker trying to break in, it’s no longer an “in the wild” situation.

      • #2207982 Reply
        Paul T
        AskWoody MVP

        If the encryption keys are unique the recovery key will be too.
        If you used TPM to generate the BitLocker key then it will have used its internal RSA key, which is (supposedly) unique.

        cheers, Paul

        1 user thanked author for this post.
        • #2207987 Reply
          mn–
          AskWoody Lounger

          If the encryption keys are unique the recovery key will be too.

          I should hope not… because that “if->will” relationship would imply a weakness in the algorithm.

          And lots of high-security folks around in Europe and other places don’t trust the TPMs anyway, in part because nobody can guarantee that, say, NSA or CIA in the US wouldn’t be able to custom-manufacture a duplicate TPM chip on demand.

          1 user thanked author for this post.
        • #2208354 Reply
          doriel
          AskWoody Lounger

          This supports my theory, that BitLocker keys SUPPOSE to be unique, thank you for your opinion.

          Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, WX 1809 Enterprise

          HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

      • #2208036 Reply
        Paul T
        AskWoody MVP

        that “if->will” relationship would imply a weakness in the algorithm

        How is that a relationship? All I’m saying is that we usually assume the encryption keys are unique.

        cheers, Paul

    Viewing 3 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: BitLocker Keys

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.