GCN Tech Blog

By GCN Staff

Blog archive

The bits behind BitLocker

This morning the Potomac Forum and Microsoft Corp. held a very informative breakfast for government IT professionals to talk about Windows Vista and what agencies need to think about as they decide when/how to migrate to the new OS, due out later this year.

As Patrick Arnold, Microsoft Federal's CTO, was describing Vista's BitLocker disk encryption technology, he mentioned it used the Advanced Encryption Standard and was NIST Federal Information Processing Standards-compliant. We were pretty sure of the former, based on our discussions with Vista product managers at Microsoft HQ earlier this year. But the latter was new info to us.

After the event, we pigeon-holed Microsoft senior technology specialist Rob Campbell and asked him about BitLocker's encryption. His reply--that it uses 256-bit AES encryption--differed slightly from the answer we got a while back, which was that BitLocker employs 128-bit AES.

Now, NIST-approved AES can be either 128-bit or 256-bit, and many encryption solutions have user-definable key lengths. So maybe we were just being uptight. Still, when we returned to the office, we dropped Microsoft an e-mail to clear things up once and for all.

So now, with the lead firmly buried at the end of this blog entry, here's the answer:

Through a spokesperson, Arnold clarified the issue. "BitLocker uses AES as its encryption algorithm with configurable key lengths of 128 or 256 bits. These options are configurable using Group Policy."

And FIPS?

"FIPS evaluation is in process and we expect it will be completed by RTM [when Microsoft releases the OS to system manufacturers]."

BitLocker stands to protect agencies from the hazards of mobile computing. With the blessing of NIST, they'll be able to roll it out with confidence.

Posted by Brad Grimes

Posted by Brad Grimes, Joab Jackson on Jun 13, 2006 at 9:39 AM


Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.