question

0 Votes
VBzerra-1500 asked MTG-3890 commented

What I could not find about Windows Home Device Encryption.

Hello,



I'm trying to understand how Device Encryption in Windows 10 Home works (so it is not the BitLocker of the Pro version).

I successfully activated it on my PC. I think that it worked because a lock and key symbol now appears on my C: drive (SSD).



But I'm used to traditional encryption software like VeraCrypt, where I choose an encryption key and then it is a very simple system, like two doors.

1- First, the file encryption at boot, where the key is the encryption key.

2- Second, the OS door (Windows password).



But using Device Encryption I've got some questions:

  • Why am I not prompted for any key at startup?

  • If someone gets the drive physically, would it be encrypted?

  • If someone just accesses my PC and disables Secure Boot, will they have access to the files through another OS (bypassing my Windows password)?

  • Finally, if someone cracks the Windows password, due to a flaw, is the encryption useless too?


Does this encryption method in Windows 10 Home have any documentation on how it works? I could not find any.
I just found the Microsoft explanation that this encrypts your drive and the recovery key is stored in OneDrive.

If I posted something in the wrong way, just let me know.

Thank you.

Tags: windows-10-general, windows-10-security

"Finally, if someone cracks the Windows password, due to a flaw, is the encryption useless too?" - yes!
The most secure option would be pre-boot authentication, but Windows 10 Home does not offer to set that up.
Device Encryption is the same technology as BitLocker, but with fewer options and without pre-boot authentication.

1 Vote 1 ·

BitLocker will encrypt the entire hard disk, so I am wondering whether you are using a third-party tool to encrypt your data.
You will be prompted for the key in case you don't have a TPM and/or set BitLocker to ask for the key during startup, but normally BitLocker reads from the TPM. However, since you are using the Home edition, there is no BitLocker, so please tell us what encryption you are using, or how you encrypt your data.

0 Votes 0 ·

1 Answer

0 Votes
LimitlessTechnology-2700 answered VBzerra-1500 commented

Hello VBzerra,

I am not sure about VeraCrypt, but we may be talking about 2 different methods here. BitLocker does hardware-based encryption by using the TPM chipset on your computer. This will be the point of reference for all encryption/decryption.

Why am I not prompted for any key at startup? The TPM chip stores all the information. As long as no hardware change is detected (or security enforcement), it will not prompt for authentication. The operating system will prompt for authentication on an access-based level.

If someone gets the drive physically, would it be encrypted? Yes, the device is always encrypted.

If someone just accesses my PC and disables Secure Boot, will they have access to the files through another OS (bypassing my Windows password)? BitLocker BCD or TPM will detect that something changed, the same as if someone steals your drive and tries to load it in another computer. It will prompt for the key.

You can see more details in: https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq and https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/trusted-platform-module-overview

Hope this resolves your query,
Best regards,


Thank you for the explanatory answer.
Very helpful, now it makes sense to me.

0 Votes 0 ·
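
As an added example (not part of the thread and not Microsoft's own code), the following PowerShell reports which key protectors unlock the system drive, which is what determines whether a key is requested at startup as discussed in the answer and comments above. It assumes an elevated session and that the BitLocker, TrustedPlatformModule and SecureBoot cmdlets are present on the edition in use.

```powershell
# Added example: run in an elevated PowerShell session.
# Assumption: Get-BitLockerVolume, Get-Tpm and Confirm-SecureBootUEFI are available.
$drive = $env:SystemDrive                      # normally C:
$vol   = Get-BitLockerVolume -MountPoint $drive
$tpm   = Get-Tpm

# Secure Boot state; the cmdlet throws on legacy BIOS systems, treated here as "off".
try   { $secureBoot = Confirm-SecureBootUEFI }
catch { $secureBoot = $false }

# Names of the protectors that can release the volume key (Tpm, RecoveryPassword, ...).
$types = @(foreach ($kp in $vol.KeyProtector) { [string]$kp.KeyProtectorType })

# Protectors that require user input before Windows starts (pre-boot authentication).
$preBootTypes = 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey', 'Password'
$preBoot = @($types | Where-Object { $_ -in $preBootTypes })
$tpmOnly = ($types -contains 'Tpm') -and ($preBoot.Count -eq 0)

[pscustomobject]@{
    Drive            = $drive
    VolumeStatus     = $vol.VolumeStatus        # e.g. FullyEncrypted
    ProtectionStatus = $vol.ProtectionStatus    # On / Off
    EncryptionMethod = $vol.EncryptionMethod
    KeyProtectors    = $types -join ', '
    TpmPresent       = $tpm.TpmPresent
    TpmReady         = $tpm.TpmReady
    SecureBoot       = $secureBoot
    TpmOnlyUnlock    = $tpmOnly
    HasRecoveryKey   = $types -contains 'RecoveryPassword'
} | Format-List

if ($vol.ProtectionStatus -ne 'On') {
    Write-Warning "Protection is not active on ${drive}; the volume is not currently protected."
} elseif ($tpmOnly) {
    Write-Output "TPM-only unlock: no key prompt at startup; the Windows sign-in is the only interactive barrier."
} else {
    Write-Output "Pre-boot protector(s) present: $($preBoot -join ', ')"
}
```

A `TpmOnlyUnlock` value of `True` corresponds to the behaviour described in the thread: the drive is encrypted at rest, but nothing is asked for before Windows loads.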