There have been some discussions about Bitlocker disk encryption in the past year or two so when I ran across this command, I thought I'd post it in case anyone isn't sure if they're using Bitlocker or not.
From an administrator command prompt:
manage-bde -status
There have been some discussions about Bitlocker disk encryption in the past year or two so when I ran across this command, I thought I'd post it in case anyone isn't sure if they're using Bitlocker or not.
From an administrator command prompt:
manage-bde -status
Sample output:
C:\WINDOWS\system32>manage-bde -status
BitLocker Drive Encryption: Configuration Tool version 6.3.9600
Copyright (C) 2013 Microsoft Corporation. All rights reserved.
Disk volumes that can be protected with
BitLocker Drive Encryption:
Volume C: [OS]
[OS Volume]
Size: 463.30 GB
BitLocker Version: None
Conversion Status: Fully Decrypted
Percentage Encrypted: 0.0%
Encryption Method: None
Protection Status: Protection Off
Lock Status: Unlocked
Identification Field: None
Key Protectors: None Found
<snip>
(Output continues with each additional partition)
Those using Home editions of Windows, like me, don't get Bitlocker.
Veracrypt whole disk encryption writes (dotted blue) was higher than Bitlocker's (dotted green), but Bitlocker's reads (solid orange) was
higher than for VeraCrypt (solid yellow). Regardless of which whole
disk encryption you use, it will have an impact on performance, because
it takes CPU cycles to decrypt and encrypt.
"VanguardLH" <V@nguard.LH> wrote
| For personal use, Bitlocker or VeraCrypt for whole disk encryption
| doesn't make sense. It is superfluous protection at the cost of
| performance.
Obviously you've never been a double spy. Those people
probably need it. :)
I'm guessing that Char is probably referring to this:
https://www.tomshardware.com/news/windows-software-bitlocker-slows-performance
Win11 Pro has it turned on by default and it turns out
to be a pig with resources, slowing SSDs to about half
speed. Whether that really matters is questionable, since
disks are so fast now. Still, few people have any practical
use for BitLocker, so it's also questionable to turn it on
by default.
There have been some discussions about Bitlocker disk encryption in the past year or two so when I ran across this command, I thought I'd post it in case anyone isn't sure if they're using Bitlocker or not.
From an administrator command prompt:
manage-bde -status
Sample output:
C:\WINDOWS\system32>manage-bde -status
BitLocker Drive Encryption: Configuration Tool version 6.3.9600
Copyright (C) 2013 Microsoft Corporation. All rights reserved.
Disk volumes that can be protected with
BitLocker Drive Encryption:
Volume C: [OS]
[OS Volume]
Size: 463.30 GB
BitLocker Version: None
Conversion Status: Fully Decrypted
Percentage Encrypted: 0.0%
Encryption Method: None
Protection Status: Protection Off
Lock Status: Unlocked
Identification Field: None
Key Protectors: None Found
<snip>
(Output continues with each additional partition)
Stan Brown <the_stan_brown@fastmail.fm> wrote:
[quoted text muted]
At least in my case, it is not. My financials are in a VeraCrypt
volume, and other documents are not. It seems to take Excel no more
time to open a spreadsheet in one than the other, and similarly for
Word, my PDF viewer, and so on.
My understanding is that the compression level is nowhere as high when
doing whole-disk encryption as with container encryption. Of course,
with Veracrypt, the more encryption schemes you combine, the slower to
read, and even more so to write.
I suspect Bitlocker is better than Veracrypt on the reads due to the hardware-implementd AES-NI instructions of the TPM modules (or Intel PTT
in the BIOS firmware).
VanguardLH wrote:
Veracrypt whole disk encryption writes (dotted blue) was higher than
Bitlocker's (dotted green), but Bitlocker's reads (solid orange) was
higher than for VeraCrypt (solid yellow). Regardless of which whole
disk encryption you use, it will have an impact on performance,
because it takes CPU cycles to decrypt and encrypt.
That's undeniable, but it misses an important point: will the impact
on performance be great enough to notice?
At least in my case, it is not. My financials are in a VeraCrypt
volume, and other documents are not. It seems to take Excel no more
time to open a spreadsheet in one than the other, and similarly for
Word, my PDF viewer, and so on.
On Sat, 28 Oct 2023 22:36:04 -0500, VanguardLH wrote:
Veracrypt whole disk encryption writes (dotted blue) was higher than
Bitlocker's (dotted green), but Bitlocker's reads (solid orange) was
higher than for VeraCrypt (solid yellow). Regardless of which whole
disk encryption you use, it will have an impact on performance, because
it takes CPU cycles to decrypt and encrypt.
That's undeniable, but it misses an important point: will the impact
on performance be great enough to notice?
At least in my case, it is not. My financials are in a VeraCrypt
volume, and other documents are not. It seems to take Excel no more
time to open a spreadsheet in one than the other, and similarly for
Word, my PDF viewer, and so on.
VanguardLH wrote:
Those using Home editions of Windows, like me, don't get Bitlocker.
You were saying?
C:\Windows\System32>manage-bde -status
BitLocker Drive Encryption: Configuration Tool version 10.0.22621
Copyright (C) 2013 Microsoft Corporation. All rights reserved.
Disk volumes that can be protected with
BitLocker Drive Encryption:
Volume C: [Windows-SSD]
[OS Volume]
Size: 474.72 GB
BitLocker Version: 2.0
Conversion Status: Used Space Only Encrypted
Percentage Encrypted: 100.0%
Encryption Method: XTS-AES 128
Protection Status: Protection On
Lock Status: Unlocked
Identification Field: Unknown
Key Protectors:
TPM
Numerical Password
C:\Windows\System32>systeminfo | find "OS Name"
OS Name: Microsoft Windows 11 Home
Could be different on Windows 11 for Home edition. When the Windows 11
is selected, that Microsoft article says:
You'll only see this option if BitLocker is available for your device.
It isn't available on Windows 11 Home edition.
Modern office documents (.xlsx) are a ZIP container, with component parts. This could mean the text storage part, you could read that with
a hex editor (or Wordpad, if they hadn't removed it). But with a defacto encryption in place, examination with a hex editor, would not work.
On Sun, 29 Oct 2023 18:12:52 -0400, Paul wrote:
Modern office documents (.xlsx) are a ZIP container, with component parts. >> This could mean the text storage part, you could read that with
a hex editor (or Wordpad, if they hadn't removed it). But with a defacto
encryption in place, examination with a hex editor, would not work.
I just tried unzipping a .docx file, and did not need
to enter a password. The components displayed just fine
in my text editor; no need for hex.
I should mention that I still use Office 2010. Are you
describing what some later version of Office does?
I could swear I had looked at some document in the past and found
a section that was binary noise.
Paul wrote:
Modern office documents (.xlsx) are a ZIP container, with component
parts. This could mean the text storage part, you could read that
with a hex editor (or Wordpad, if they hadn't removed it). But with
a defacto encryption in place, examination with a hex editor, would
not work.
I just tried unzipping a .docx file, and did not need
to enter a password. The components displayed just fine
in my text editor; no need for hex.
I should mention that I still use Office 2010. Are you
describing what some later version of Office does?
Stan Brown <the_stan_brown@fastmail.fm> wrote:
Paul wrote:
Modern office documents (.xlsx) are a ZIP container, with component
parts. This could mean the text storage part, you could read that
with a hex editor (or Wordpad, if they hadn't removed it). But with
a defacto encryption in place, examination with a hex editor, would
not work.
I just tried unzipping a .docx file, and did not need
to enter a password. The components displayed just fine
in my text editor; no need for hex.
I should mention that I still use Office 2010. Are you
describing what some later version of Office does?
He was probably referring to password-protected Office docs. Just like
.zip files that can be passworded (use a zip tool that doesn't use the ancient ZipCrypto scheme as that is easy to crack), Office doc files can
be passworded.
https://support.microsoft.com/en-us/office/protect-a-document-with-a-password-05084cc3-300d-4c1a-8416-38d3e37d6826
Passwording of Office docs has been available for so long that I don't remember the feature not being present, even back to Office XP (probably
the earliest version I've used; before that was WordPerfect, and before
that was StarOffice, and before that was Wordstar under DOS).
http://www.humanservices.alberta.ca/AWOnline/documents/How%20to%20password%20protect%202010%20word%20docs.pdf
That discusses how to password protect Word 2010 docs. I think I
passworded a .doc file only once which was transported to another user
via Dropbox using sharing to just 1 other Dropbox user, and I sent the password via e-mail. The e-mail was not encrypted, but then only the
other Dropbox users with whom I shared the file could get at the file, anyway.
VanguardLH wrote:
Stan Brown <the_stan_brown@fastmail.fm> wrote:
Paul wrote:
Modern office documents (.xlsx) are a ZIP container, with component
parts. This could mean the text storage part, you could read that
with a hex editor (or Wordpad, if they hadn't removed it). But with
a defacto encryption in place, examination with a hex editor, would
not work.
I just tried unzipping a .docx file, and did not need
to enter a password. The components displayed just fine
in my text editor; no need for hex.
I should mention that I still use Office 2010. Are you
describing what some later version of Office does?
He was probably referring to password-protected Office docs. Just like
.zip files that can be passworded (use a zip tool that doesn't use the
ancient ZipCrypto scheme as that is easy to crack), Office doc files can
be passworded.
https://support.microsoft.com/en-us/office/protect-a-document-with-a-password-05084cc3-300d-4c1a-8416-38d3e37d6826
But you have to work "VelvetSweatshop" into the explanation.
There is a default password. When is the default password engaged ?
Under what circumstances ? You don't have to ever enter that
password while you are working in Office. The tool tries that
password, and only if that password fails, does Office then
prompt for the user-supplied password.
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 297 |
Nodes: | 16 (2 / 14) |
Uptime: | 09:50:36 |
Calls: | 6,666 |
Files: | 12,213 |
Messages: | 5,336,330 |