[lelandriordan]

I know everyone likes to bash MS around here but is there any actual proof of Bitlocker's insecurity that is more recent than 2008? If you look at wikipedia it seems like the only known real vulnerability requires someone with physical access to boot via USB into another OS within a few minutes of turning the computer off. When is this a real risk for anyone? I am not a security expert but unless you are doing things shady enough to get raided by the FBI, it seems like Bitlocker is pretty secure. The same problem occurs in other encryption programs on Linux and OSX. Also, it may not be open source like what we want, but MS lets its partners and enterprise customers audit the code subject to an NDA.

http://en.wikipedia.org/wiki/BitLocker_Drive_Encryption#Secu...

[pfg]

It's really not that hard to imagine scenarios where this might happen. Simply leaving your notebook unattended after a shutdown might leave you compromised. Besides, government agencies in other countries might have a slightly different view on what constitutes "shady behaviour" (think regime critics).

[rflig]

Don't forget that M$ gives you the great 'service' to store your BL-key in your M$-account (on their servers) as soon as a) your machine is not connected to a domain and b) you're [...] enough (most are!) to log on with an M$-account to Win8.x.

[alextgordon]

Put it this way. There's no proof that BitLocker is any more effective than rot13.

[nacs]

It's not open source so who knows what's lurking in there? It's not like anyone has been able to audit the source of Bitlocker.