none
Bitlocker password 256 characters breaks unlocking RRS feed

  • Question

  • Hello

    I've run into a little problem with bitlocker password length. Somewhere I read that you can use up to 256 characters for the recovery password so I generated such a password via keepass. The bitlocker UI obviously had no problem with this. After restarting the system and trying to reenter the password i get the message "the password entered is incorrect".

    According to this article http://social.technet.microsoft.com/wiki/contents/articles/11520.bitlocker-passwords-should-be-less-than-100-characters-in-length.aspx passwords will be truncated to 100 characters. I already tried reducing the password to 100 chars without any success.

    To reproduce this problem I enclose the used password here

    LLZcZ^~q.~Q4Xa.B&9`Drg:c/evpPr$mSQp?bEL&hyNWb|g~dNBeIg@ZyYGjL/;bx/NO1NMh869nlZ*~OeiHD054i9Ut+z9:p1'?f~dk#`;NI|sWpdm4X%'MS7&a5U3lruHS;;EPAPlh,Mfp~WGP'Qz?~BSZ;pv~yGeWdf@*r:lfaIvFB35Cg1vee'A$koM4U~Kx,2luM,Vx'OHP=9Paj.PpBq_5aA3bn%/KTdo@`9H\mY&CU1ISpBfc%sy"gvH"

    Is there a way to enter the recovery password without using the recovery key?

    Sunday, April 17, 2016 6:46 PM

Answers

  • Hi Mase444,

    What do you mean by saying "Is there a way to enter the recovery password without using the recovery key?"?

    I think the Recovery Password and the recovery key you mentioned should be the same thing here.

    We could take use of the command below to ublock the drive with the Recovery key:

    manage-bde -unlock F: -rp *********

    Some reference:

    https://technet.microsoft.com/en-us/itpro/windows/keep-secure/bitlocker-recovery-guide-plan#bkmk-recoveryretrieval

    Regards


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.


    Monday, April 18, 2016 2:58 AM
    Moderator
  • Hi Michael

    > What do you mean by saying "Is there a way to enter the recovery password without using the recovery key?"?c

    Sorry for the confusion: I meant without using the 48 digit recovery key

    > We could take use of the command below to ublock the drive with the Recovery key:
    > manage-bde -unlock F: -rp *********

    I tried using power shell but apparently I made an mistake with my attempt.
    >get-help Unlock-BitLocker -examples
    lead me to trying this:
    > $SecureString = ConvertTo-SecureString "fjuksAS1337" -AsPlainText -Force
    > Unlock-BitLocker -MountPoint "E:" -Password $SecureString
    the problem with my password was those special characters (for example " or ´ or $) which need to be escaped.
    Apparently I made an mistake in my first attempt and now I retried it again with this command line:
    > $SecureString = ConvertTo-SecureString "LLZcZ^~q.~Q4Xa.B&9``Drg:c/evpPr`$mSQp?bEL&hyNWb|g~dNBeIg@ZyYGjL/;bx/NO1NMh869nlZ*~OeiHD054i9Ut+z9:p1'?f~dk#``;NI|sWpdm4X%'MS7&a5U3lruHS;;EPAPlh,Mfp~WGP'Qz?~BSZ;pv~yGeWdf@*r:lfaIvFB35Cg1vee'A`$koM4U~Kx,2luM,Vx'OHP=9Paj.PpBq_5aA3bn%/KTdo@``9H\mY&CU1ISpBfc%sy`"gvH`"" -AsPlainText -Force

    so basically this password:
    > LLZcZ^~q.~Q4Xa.B&9`Drg:c/evpPr$mSQp?bEL&hyNWb|g~dNBeIg@ZyYGjL/;bx/NO1NMh869nlZ*~OeiHD054i9Ut+z9:p1'?f~dk#`;NI|sWpdm4X%'MS7&a5U3lruHS;;EPAPlh,Mfp~WGP'Qz?~BSZ;pv~yGeWdf@*r:lfaIvFB35Cg1vee'A$koM4U~Kx,2luM,Vx'OHP=9Paj.PpBq_5aA3bn%/KTdo@`9H\mY&CU1ISpBfc%sy"gvH"
    needed to be escaped to this:
    > LLZcZ^~q.~Q4Xa.B&9``Drg:c/evpPr`$mSQp?bEL&hyNWb|g~dNBeIg@ZyYGjL/;bx/NO1NMh869nlZ*~OeiHD054i9Ut+z9:p1'?f~dk#``;NI|sWpdm4X%'MS7&a5U3lruHS;;EPAPlh,Mfp~WGP'Qz?~BSZ;pv~yGeWdf@*r:lfaIvFB35Cg1vee'A`$koM4U~Kx,2luM,Vx'OHP=9Paj.PpBq_5aA3bn%/KTdo@``9H\mY&CU1ISpBfc%sy`"gvH`"

    I still believe this is an ui bug within bitlocker.
    The dialog to set the new password accepted it without any error.
    Entering the same password in the unlock dialog does however not work.

    Thanks for your help and best regards
    Mathias
    • Marked as answer by Mase444 Monday, April 18, 2016 7:09 AM
    Monday, April 18, 2016 7:09 AM

All replies

  • Hi Mase444,

    What do you mean by saying "Is there a way to enter the recovery password without using the recovery key?"?

    I think the Recovery Password and the recovery key you mentioned should be the same thing here.

    We could take use of the command below to ublock the drive with the Recovery key:

    manage-bde -unlock F: -rp *********

    Some reference:

    https://technet.microsoft.com/en-us/itpro/windows/keep-secure/bitlocker-recovery-guide-plan#bkmk-recoveryretrieval

    Regards


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.


    Monday, April 18, 2016 2:58 AM
    Moderator
  • Hi Michael

    > What do you mean by saying "Is there a way to enter the recovery password without using the recovery key?"?c

    Sorry for the confusion: I meant without using the 48 digit recovery key

    > We could take use of the command below to ublock the drive with the Recovery key:
    > manage-bde -unlock F: -rp *********

    I tried using power shell but apparently I made an mistake with my attempt.
    >get-help Unlock-BitLocker -examples
    lead me to trying this:
    > $SecureString = ConvertTo-SecureString "fjuksAS1337" -AsPlainText -Force
    > Unlock-BitLocker -MountPoint "E:" -Password $SecureString
    the problem with my password was those special characters (for example " or ´ or $) which need to be escaped.
    Apparently I made an mistake in my first attempt and now I retried it again with this command line:
    > $SecureString = ConvertTo-SecureString "LLZcZ^~q.~Q4Xa.B&9``Drg:c/evpPr`$mSQp?bEL&hyNWb|g~dNBeIg@ZyYGjL/;bx/NO1NMh869nlZ*~OeiHD054i9Ut+z9:p1'?f~dk#``;NI|sWpdm4X%'MS7&a5U3lruHS;;EPAPlh,Mfp~WGP'Qz?~BSZ;pv~yGeWdf@*r:lfaIvFB35Cg1vee'A`$koM4U~Kx,2luM,Vx'OHP=9Paj.PpBq_5aA3bn%/KTdo@``9H\mY&CU1ISpBfc%sy`"gvH`"" -AsPlainText -Force

    so basically this password:
    > LLZcZ^~q.~Q4Xa.B&9`Drg:c/evpPr$mSQp?bEL&hyNWb|g~dNBeIg@ZyYGjL/;bx/NO1NMh869nlZ*~OeiHD054i9Ut+z9:p1'?f~dk#`;NI|sWpdm4X%'MS7&a5U3lruHS;;EPAPlh,Mfp~WGP'Qz?~BSZ;pv~yGeWdf@*r:lfaIvFB35Cg1vee'A$koM4U~Kx,2luM,Vx'OHP=9Paj.PpBq_5aA3bn%/KTdo@`9H\mY&CU1ISpBfc%sy"gvH"
    needed to be escaped to this:
    > LLZcZ^~q.~Q4Xa.B&9``Drg:c/evpPr`$mSQp?bEL&hyNWb|g~dNBeIg@ZyYGjL/;bx/NO1NMh869nlZ*~OeiHD054i9Ut+z9:p1'?f~dk#``;NI|sWpdm4X%'MS7&a5U3lruHS;;EPAPlh,Mfp~WGP'Qz?~BSZ;pv~yGeWdf@*r:lfaIvFB35Cg1vee'A`$koM4U~Kx,2luM,Vx'OHP=9Paj.PpBq_5aA3bn%/KTdo@``9H\mY&CU1ISpBfc%sy`"gvH`"

    I still believe this is an ui bug within bitlocker.
    The dialog to set the new password accepted it without any error.
    Entering the same password in the unlock dialog does however not work.

    Thanks for your help and best regards
    Mathias
    • Marked as answer by Mase444 Monday, April 18, 2016 7:09 AM
    Monday, April 18, 2016 7:09 AM
  • Why on earth would someone want to enter a more than 100 digit password? Please explain. Especially when a recovery key is configured (which cannot be longer than 48 digits), it makes no sense at all.

    Enter the recovery key, then change the password to something shorter, there you go.

    Monday, April 18, 2016 1:57 PM
  • I searched google with the same problem with yours lately cause I had issue, but apparently no one knows the answer.

    I understand your problem as a man(whatever there was on your hdd) and I’d love to help you if you’re still wandering.

    I don’t think you would after almost 4 years, but if your problem is on going, reply me.

    Wednesday, January 29, 2020 3:53 PM