Should Recovery Drive be Encrypted by Bitlocker?

My Dell does not have TPM. I am using bitlocker with a USB.

I notice that the Recovery drive is neither protected nor eligible to be
protected. I am wondering whether this is a weakness in my protection.

Thanks for anyone's' insight

 

glr wrote:<!--coloro:blue--><span style="color:blue <!--/coloro-->
> My Dell does not have TPM. I am using bitlocker with a USB.
>
> I notice that the Recovery drive is neither protected nor eligible to be
> protected. I am wondering whether this is a weakness in my protection.
>
> Thanks for anyone's' insight<!--colorc--><!--/colorc-->


I would say it's not a problem, as long as you do not store any data on
it. I am assuming here that you mean a recovery drive as installed by
your PC maker in order to restore your system in the event of a disaster.

All that should be on there is a copy of Windows as it was when you got
the machine and various utilities from the PC maker, what could a thief
or spy gain from that?

Of course if the disaster ever happens and you have to use it then it
will lose all your encrypted stuff because it will reformat your system
drive, so encrypted or not you need to back up your data to something
else, ideally something that is not an integral part of the computer.

Sorry if I am misunderstanding your question.

 

"Charlie Tame" wrote:
<!--coloro:blue--><span style="color:blue <!--/coloro-->
> glr wrote:<!--coloro:green--><span style="color:green <!--/coloro-->
> > My Dell does not have TPM. I am using bitlocker with a USB.
> >
> > I notice that the Recovery drive is neither protected nor eligible to be
> > protected. I am wondering whether this is a weakness in my protection.
> >
> > Thanks for anyone's' insight<!--colorc--><!--/colorc-->
>
>
> I would say it's not a problem, as long as you do not store any data on
> it. I am assuming here that you mean a recovery drive as installed by
> your PC maker in order to restore your system in the event of a disaster.
>
> All that should be on there is a copy of Windows as it was when you got
> the machine and various utilities from the PC maker, what could a thief
> or spy gain from that?
>
> Of course if the disaster ever happens and you have to use it then it
> will lose all your encrypted stuff because it will reformat your system
> drive, so encrypted or not you need to back up your data to something
> else, ideally something that is not an integral part of the computer.
>
> Sorry if I am misunderstanding your question.
> <!--colorc--><!--/colorc-->
You are on the right track. I think I should have phrased my question
better. The proper question is perhaps, does the Recovery partition on my
Vista machine include any confidential data?

No I do not use it for backup purposes but I think the drive was modified by
the Bitlocker Drive Preparation Tool when I established Bitlocker.

 

glr wrote:<!--coloro:blue--><span style="color:blue <!--/coloro-->
>
> "Charlie Tame" wrote:
> <!--coloro:green--><span style="color:green <!--/coloro-->
>> glr wrote:<!--coloro:darkred--><span style="color:darkred <!--/coloro-->
>>> My Dell does not have TPM. I am using bitlocker with a USB.
>>>
>>> I notice that the Recovery drive is neither protected nor eligible to be
>>> protected. I am wondering whether this is a weakness in my protection.
>>>
>>> Thanks for anyone's' insight<!--colorc--><!--/colorc-->
>>
>> I would say it's not a problem, as long as you do not store any data on
>> it. I am assuming here that you mean a recovery drive as installed by
>> your PC maker in order to restore your system in the event of a disaster.
>>
>> All that should be on there is a copy of Windows as it was when you got
>> the machine and various utilities from the PC maker, what could a thief
>> or spy gain from that?
>>
>> Of course if the disaster ever happens and you have to use it then it
>> will lose all your encrypted stuff because it will reformat your system
>> drive, so encrypted or not you need to back up your data to something
>> else, ideally something that is not an integral part of the computer.
>>
>> Sorry if I am misunderstanding your question.
>><!--colorc--><!--/colorc-->
> You are on the right track. I think I should have phrased my question
> better. The proper question is perhaps, does the Recovery partition on my
> Vista machine include any confidential data?
>
> No I do not use it for backup purposes but I think the drive was modified by
> the Bitlocker Drive Preparation Tool when I established Bitlocker.<!--colorc--><!--/colorc-->

Okay, that will help get other opinions.

The OEM install should not, there may be something to identify "The
Computer" but not you personally because the OEM did not know who was
going to buy it.

However if you used it for anything I guess you could have put something
on there by accident. I can't see Bitlocker doing that but who really
knows what the other organizations like NSA is capable of these days?

I guess my opinion is that it would take a pretty good expert to get
anything from the Recovery Partition if you didn't put anything there.

 

The recovery partition does not contain any confidential data. it is
there on the system for a complete re-install / back to day 1 settings.


--
tanuj_chadha

Tanuj

History repeats itself, first as tragedy, second as farce. - Karl
Marx

 

Bitlocker is used as a security device to encrypt your system against
'unauthorised' access. As your recovery drive contains only an image of your
installed operating system and no identifiable (to you anyway) information I
certainly would not be inclined to encrypt the recovery partition. If you
loose the encryption key or misplace the printed key version you will not
only be unable to access your system but you will also not be able to
reinstall the operating system from the recovery partition - well not unless
you have created a manufacturer's recover disc.

--

--
John Barnett MVP
Windows XP Associate Expert
Windows Desktop Experience

Web:
Web:
Web:
Web:

The information in this mail/post is supplied "as is". No warranty of any
kind, either expressed or implied, is made in relation to the accuracy,
reliability or content of this mail/post. The Author shall not be liable for
any direct, indirect, incidental or consequential damages arising out of the
use of, or inability to use, information or opinions expressed in this
mail/post..


"glr" <glr@discussions.microsoft.com> wrote in message
news:63DA1E4A-1DA6-4D9C-B12F-3CFEC8DF39C0@microsoft.com...<!--coloro:blue--><span style="color:blue <!--/coloro-->
> My Dell does not have TPM. I am using bitlocker with a USB.
>
> I notice that the Recovery drive is neither protected nor eligible to be
> protected. I am wondering whether this is a weakness in my protection.
>
> Thanks for anyone's' insight <!--colorc--><!--/colorc-->

 

Also, where encryption is concerned, it is generally not a good idea to
encrypt "known" data with the same key as the rest of the protected
data.
Knowing what should be in the recovery partition can aid the bad guys in
deciphering the ciphertext version and discovering the key used.

"John Barnett MVP" <freelance@invalid.invalid> wrote in message
news:OIPrDS01JHA.1864@TK2MSFTNGP02.phx.gbl...<!--coloro:blue--><span style="color:blue <!--/coloro-->
> Bitlocker is used as a security device to encrypt your system against
> 'unauthorised' access. As your recovery drive contains only an image
> of your installed operating system and no identifiable (to you anyway)
> information I certainly would not be inclined to encrypt the recovery
> partition. If you loose the encryption key or misplace the printed key
> version you will not only be unable to access your system but you will
> also not be able to reinstall the operating system from the recovery
> partition - well not unless you have created a manufacturer's recover
> disc.
>
> --
>
> --
> John Barnett MVP
> Windows XP Associate Expert
> Windows Desktop Experience
>
> Web:
> Web:
> Web:
> Web:
>
> The information in this mail/post is supplied "as is". No warranty of
> any
> kind, either expressed or implied, is made in relation to the
> accuracy,
> reliability or content of this mail/post. The Author shall not be
> liable for
> any direct, indirect, incidental or consequential damages arising out
> of the
> use of, or inability to use, information or opinions expressed in this
> mail/post..
>
>
> "glr" <glr@discussions.microsoft.com> wrote in message
> news:63DA1E4A-1DA6-4D9C-B12F-3CFEC8DF39C0@microsoft.com...<!--coloro:green--><span style="color:green <!--/coloro-->
>> My Dell does not have TPM. I am using bitlocker with a USB.
>>
>> I notice that the Recovery drive is neither protected nor eligible to
>> be
>> protected. I am wondering whether this is a weakness in my
>> protection.
>>
>> Thanks for anyone's' insight<!--colorc--><!--/colorc-->
> <!--colorc--><!--/colorc-->

 

John Barnett MVP wrote:<!--coloro:blue--><span style="color:blue <!--/coloro-->
> Bitlocker is used as a security device to encrypt your system against
> 'unauthorised' access. As your recovery drive contains only an image of
> your installed operating system and no identifiable (to you anyway)
> information I certainly would not be inclined to encrypt the recovery
> partition. If you loose the encryption key or misplace the printed key
> version you will not only be unable to access your system but you will
> also not be able to reinstall the operating system from the recovery
> partition - well not unless you have created a manufacturer's recover disc.
> <!--colorc--><!--/colorc-->

If one uses Acronys True Image you can attach a password to an OS system
backup image file. That's better than no security at all and prevents a
virus from being able to infect it.