What happens to encryption during stand-by mode?

[brontosaurus]

I successfully enabled hardware encryption via bitlocker on my samsung 850 evo. But given my lack of in-depth understanding of encryption, I have some questions...

1) What happens when I put my computer on stand-by? Since it doesn't ask me to put in my encryption password when I wake the computer up, is the computer unencrypted while in stand-by? I don't know if this should be a security concern, but just a random thought that came up. I tend to put my computers in stand-by and I'm wondering if I need to change my habit to just turn it off.

2) Not sure if this is related, but my computer seems to freeze up when I wake it up from stand-by ever since I enabled encryption. My mouse moves, but my keystrokes and mouse clicks don't register so I can't type in my password to log-in. I've never had a computer freeze up like this in recent memory, and this is my first time using encryption.

I'm running Windows 8.1 pro.

 

[corkyg]

Re stand by, do you mean sleep or hibernation?

 

[brontosaurus]

@corkyg

Sleep, not hibernation.

Also, I woke it up after extended sleep overnight, and it gave me a BSOD with the term "kernel_data_inpage_error." Couldn't take a picture before it restarted...

 

[corkyg]

OK, as I understand it, that is a user choosable option. IOW, you can require a password or not require a password.

http://www.eightforums.com/tutorial...ection-wakeup-enable-disable-windows-8-a.html

 

[brontosaurus]

@corkyg

Let me clarify my situation. The user-enabled password is independent of the bitlocker encryption, and I already have that log-in password enabled. But I'm talking about bitlocker password screen. See below for the bitlocker pw screen when I turn the computer on from completely off:

But when I put the computer to sleep and wake it up, the bitlocker pw screen doesn't show up, and goes directly to the log-in screen shown below:

So my question is, if bitlocker only asks for the encryption pw during off-to-on, what is happening when the computer is put to sleep? Is the ssd in unencrypted state?

 

[corkyg]

Seems like you have stumbled on to a Bitlocker vulnerability. When the laptop goes to sleep, Bitlocker apparently does not close. That suggests that the system is vulnerable in a decrypted or open mode while asleep and when it wakes up. I would suggest that you use Hibernate instead of sleep if you are not physically present.

https://freedom-to-tinker.com/blog/felten/cold-boot-attacks-vulnerable-while-sleeping/

 

[mrblotto]

I reckon you could try something:
-create a folder and share it out via networking/sharing on the bitlockered computer ("test", whatever)
-let the machine go to sleep/standby
-from another machine (on the same network for simplicity), try to access the share (map network drive via FQN/IP addy) and your credentials. Dunno if the 'host' machine has to be set to 'wake on lan' or not
-see if it does anything/asks anything about bitlocker

-if it does, I would guess it works/is enabled all the time
-if it doesn't......well, it doesn't

If this sounds rather vague, I apologize b/c I've tossed back a few lol

 

[brontosaurus]

@corkyg

It seems like when I put the computer in hibernation, the bitlocker pw screen pops up. I say "seems" because whenever I try to type in my pw at the bitlocker pw screen, it suddenly shuts off. So I have to turn it on again, and by then, I don't know if it's still in hibernation mode or just starting up from off, since it randomly shut off.

Another issue I tried to resolve is, when I wake up the computer from extended sleep (i.e. overnight), it locks up on log-in screen then this shows up:

Do you think this is related to bitlocker encryption?

I googled some solutions, and tried this but neither win mem diag or chkdsk found any problems with SSD or RAM..

Any suggestions?

I'm going to assume hibernation encrypts prior to going into said mode, while sleep does not, for now.

 

[brontosaurus]

@corkyg

it seems like neither sleep nor hibernate is particularly secure.. thanks for the enlightening link! It seems best that I just shut the computer off.

 

[AlienTech]

Drive encryption only means people wont be able to move the hard drive to new machine and get access to all your data. This was a major problem before because they could not access the computer easily because of bios password protection so they removed the drive and used another computer. Once they have access to the desktop, they can read what ever data they want. Not setting a password for wake from sleep would mean they can just get to the desktop and read the data.. Windows has an option to ask you to enter a password or NOT. If you wanted security why did you disable it? It is not disabled by default unless you do not have a password to begin with. And just encrypting the data on the drive without a bios and os password is just asking for trouble. If you forget your password both your computer and data are lost. Service centers have special access to unlock the computer at least but from what I have seen you need special permission and sometimes even a police report that it is your legal computer and such before they will unlock it. But even then data loss is not guaranteed..

 

[corkyg]

@corkyg it seems like neither sleep nor hibernate is particularly secure.. thanks for the enlightening link! It seems best that I just shut the computer off.

AlienTech makes valid points. This is why I went to a SSD in my laptop. The time for a cold boot is less than a minute, delayed only by my entering the boot PW. I use neither sleep nor hibernate.

 

[myocardia]

But even then data loss is not guaranteed..

AlienTech meant data recovery is not guaranteed, I can assure you.

This is why I went to a SSD in my laptop. The time for a cold boot is less than a minute, delayed only by my entering the boot PW.

Yeah, on a higher performance (desktop) computer, cold boot until Windows password screen is 7 to 8 seconds when using an SSD, assuming you don't have RAID card(s), or Bitlocker password screens slowing it down. It honestly makes zero sense to not just shut it down, when you aren't using it.

 

[AlienTech]

It honestly makes zero sense to not just shut it down, when you aren't using it.

Oh I think it is far too difficult to press the shutdown button for many people. It would mean having to move your wrist at least 6 inches causing a lurch and maybe exhaling and heaving your chest.


/serious