Return to site

Who Holds the Encryption Keys?

· Articles

Sandline Discovery - Insight, Ideas and eDiscovery

In 2015, Microsoft got a bit of bad press for storing Windows 10 disk encryption keys:

Disk encryption is built-in and turned on by default, protecting your data in case your device is lost or stolen. But what is less well-known is that, if you are like most users and login to Windows 10 using your Microsoft account, your computer automatically uploaded a copy of your recovery key — which can be used to unlock your encrypted disk — to Microsoft's servers…

Of course, keeping a backup of your recovery key in your Microsoft account is genuinely useful for probably the majority of Windows users.

This scheme is vastly more secure than previous Windows configurations, that is, whole disk encryption off by default; so, why the anger?

Key escrow, in this fashion, means that anybody with access to both your physical device and your Microsoft account can read the data on that device. The problem, if you're sufficiently paranoid, is that "anybody with access to your Microsoft account" probably includes some number of Microsoft employees, various United States agencies, foreign governments, your family, friends, pets, and, if you're unlucky or careless, a cadre of disreputable people in places with flexible legal views toward cybercrime.

Below are some awesome virtues of encryption, but encryption is not magic dust. Sadly, people too often talk as if it is. If I had a nickel for every time I read that something is secure because it's encrypted, I could probably buy a very nice bottle of scotch.

All else equal, I prefer to store my data in a place that promises to encrypt it, but for most purposes, it hardly matters that your cloud provider encrypts your data at rest. What matters is who has the keys.

Encryption is more than a lock

Encryption sometimes seems like a type of physical lock, as if you're putting your files in a cabinet and turning a key to secure them. Properly implemented encryption, however, is astronomically more secure than physical locks.

Not that physical security is useless. Physical security is essential, which is why we process data in a place that has dual authentication and a puddle of alphabet soup to its credit. The difference between physical locks and encryption, however, is that anybody with a crowbar can break into a lockbox, while well-known encryption algorithms are unbreakable for now:

My guess is that [the NSA] can't [break AES]… I believe that what the "top official" was referring to is attacks that focus on the implementation and bypass the encryption algorithm: side-channel attacks… attacks that target the endpoints of the communication system and not the wire, attacks that exploit key leakage, attacks against buggy implementations of the algorithm, and so on.

Well-known encryption algorithms are like safes, but safes that are exposed to all the world's best safe crackers and have so far refused to break.


When we break encryption, we almost always use a side channel, like known-plaintext attacks against particularly weak implementations, or something as simple as looking for a password in nearby emails, which is why we send passwords by one time secret.

Smart money says the NSA breaks encryption the same way, so encrypt, and do it right.

Written by Joe Ulfers

All Posts

Almost done…

We just sent you an email. Please click the link in the email to confirm your subscription!