Windows 10 automatically saves disk encryption keys to OneDrive in the cloud. According to a new report this is a security issue, and the user is given no choice in the matter during configuration.
A report has been circulating over the last few hours about the automatic saving of the Windows 10 disk encryption key. It was published by The Intercept, the same outlet that together with Edward Snowden sparked the debate over government surveillance. This is nothing we did not already know: it is a practice Microsoft used in Windows 8, and it has now been confirmed for the latest operating system as well.
New users who log on to Windows 10 (or Windows 8) with a Microsoft account have their disk encrypted, and the key is automatically saved in the cloud, on OneDrive. The concern raised by The Intercept is precisely that all of this happens without the user confirming anything, and often the user does not even know the procedure exists.
The mechanism described above is different from BitLocker, which is only available in the Pro and Business versions of Windows 10 and must be enabled manually, through a setting that lets the user choose where to save the key. Unlike BitLocker, the "native" encryption of Windows 10 is also present in the Home edition and, as we said above, is an old acquaintance of all Windows 8 users.
But how safe is it to save your disk encryption key in the cloud? The dilemma is the usual one between potential risk and convenience. A device protected by a cryptographic algorithm is inaccessible without its key. Conversely, the key is completely useless without physical access to that device. If you lose the key, as with a safe, you can say goodbye to all your data should you ever need to restore it.
For this reason, saving the disk encryption key on a cloud service can make a lot of sense, especially for mainstream users, who often do not pay much attention to such matters.
This is not to say that there are no problems with this approach, and the main one is of course security: once the encryption key leaves the original device it can be intercepted by third parties, whether a cyber criminal or Microsoft itself. It should be noted that Microsoft gives users the ability to permanently delete the encryption key from their OneDrive account simply by following this address, although the procedure does not guarantee that the key has not already been compromised in some way.
The charge that can be levelled at Microsoft is that it does not ask the user whether or not to upload the key to the cloud during the initial configuration of the device, somewhat as Apple does with its native encryption service FileVault. The article suggests some steps for deleting the encryption key on OneDrive, such as using BitLocker to decrypt and then re-encrypt the device, which makes the original key completely useless, and saving the new key only locally.
This procedure is a precaution for the avoidance of doubt, because, as we noted, the key is useless without physical access to the device.
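The decrypt and re-encrypt procedure mentioned above, sketched as an added PowerShell example that is not from the original article or from The Intercept's report. It assumes an edition of Windows that ships the BitLocker cmdlets, an elevated session, a usable TPM, and that the system drive is the encrypted volume.

```powershell
# Added example, not from the original article. Run from an elevated
# PowerShell session on an edition of Windows that includes BitLocker.
$mount = $env:SystemDrive   # assumption: the OS volume is the encrypted one

# 1. Record the current state and the protectors that exist today. The
#    RecoveryPassword protector listed here is the kind that gets backed up.
$vol = Get-BitLockerVolume -MountPoint $mount
$vol | Format-List MountPoint, VolumeStatus, ProtectionStatus, EncryptionPercentage
$vol.KeyProtector | Format-Table KeyProtectorType, KeyProtectorId

# 2. Decrypt the whole volume. Disable-BitLocker removes every key protector
#    and starts decryption; poll until the volume is fully decrypted.
if ($vol.VolumeStatus -ne 'FullyDecrypted') {
    Disable-BitLocker -MountPoint $mount | Out-Null
    do {
        Start-Sleep -Seconds 60
        $vol = Get-BitLockerVolume -MountPoint $mount
        Write-Host "Decrypting, $($vol.EncryptionPercentage)% still encrypted"
    } while ($vol.VolumeStatus -ne 'FullyDecrypted')
}

# 3. Re-encrypt under freshly generated keys.
#    Assumption: the machine has a TPM that BitLocker can use.
Enable-BitLocker -MountPoint $mount -TpmProtector -SkipHardwareTest | Out-Null

# 4. Add a new recovery password and display it once so it can be stored
#    locally (printed or on offline media) instead of in an online account.
Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector | Out-Null
(Get-BitLockerVolume -MountPoint $mount).KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
    Format-List KeyProtectorId, RecoveryPassword
```

The data on the volume is unprotected between steps 2 and 3, so keep the device in your possession and on mains power until re-encryption has started.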