Syntagma Digital
21st-Century Phi
Vista Office

What is Windows Vista BitLocker?

Definition: BitLocker Drive Encryption is a new feature in Windows Vista that provides enhanced data protection for your computer. BitLocker is Microsoft’s response to one of their top customer requests: address the very real threats of data theft or exposure from lost, stolen or inappropriately decommissioned PC hardware and tightly integrate the solution into Windows.

Here’s an ArsTechnica summary of an interview with Russell Humphries, Senior Product Manager for the Windows Vista BitLocker team:

* BitLocker uses the Trusted Platform Module (TPM) 1.2 to protect user data and to ensure that a PC running Windows Vista has not been tampered with while the system was offline. Microsoft will not support anything earlier than TPM 1.2.
* BitLocker’s AES encryption uses 128- or 256-bit key lengths, configurable via Group Policy.
* It will have only a negligible effect on Vista’s performance.
* The recovery key can be saved to a folder, saved to a USB key, automatically generated via Group Policy and saved in Active Directory, or printed.
* Humphries had no comment on whether BitLocker could be enabled on a system that already has Vista installed without rebuilding the entire OS.
* The technology’s multi-factor authentication model supports both a pre-boot PIN and a USB Startup Key.
* Microsoft is currently working on the FIPS 140-2 certification of BitLocker.
* BitLocker’s integrity check may fail if the BIOS, MBR, boot sector, boot manager or other early boot components are changed without authorization.
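
The integrity check in the last item rests on TPM measured boot: each early boot component is hashed into a Platform Configuration Register (PCR), and the TPM releases a sealed key only when the register holds the value recorded at sealing time. The sketch below is an added example, not Microsoft's code; it models one PCR with the TPM 1.2 extend rule, and the class, function names and component images are constructed for illustration.

```python
import hashlib
import hmac

# Constructed stand-ins for the early boot components named in the list above.
BOOT_CHAIN = [
    ("BIOS", b"constructed-bios-image-v1"),
    ("MBR", b"constructed-mbr-v1"),
    ("boot sector", b"constructed-boot-sector-v1"),
    ("boot manager", b"constructed-boot-manager-v1"),
]

class SimulatedTPM:
    """Single-PCR model of a TPM 1.2 (SHA-1, 20-byte register). Assumption: simplified."""
    def __init__(self):
        self.pcr = b"\x00" * 20  # PCR value after platform reset

    def extend(self, data: bytes) -> None:
        # A PCR cannot be written directly: new = SHA1(old || SHA1(data))
        self.pcr = hashlib.sha1(self.pcr + hashlib.sha1(data).digest()).digest()

    def seal(self, secret: bytes) -> dict:
        # Bind the secret to the current PCR value. A real TPM also encrypts
        # this blob under a key that never leaves the chip.
        return {"pcr": self.pcr, "secret": secret}

    def unseal(self, blob: dict) -> bytes:
        if not hmac.compare_digest(self.pcr, blob["pcr"]):
            raise PermissionError("PCR mismatch: boot components changed")
        return blob["secret"]

def measured_boot(chain) -> SimulatedTPM:
    tpm = SimulatedTPM()
    for _name, image in chain:
        tpm.extend(image)  # measure each stage before it would run
    return tpm

def try_boot(chain, blob):
    """Return the released key, or None when the integrity check fails."""
    try:
        return measured_boot(chain).unseal(blob)
    except PermissionError:
        return None

VOLUME_KEY = bytes(range(16))  # constructed 128-bit key
SEALED = measured_boot(BOOT_CHAIN).seal(VOLUME_KEY)
TAMPERED = [(n, img + b"!") if n == "MBR" else (n, img) for n, img in BOOT_CHAIN]
REORDERED = [BOOT_CHAIN[1], BOOT_CHAIN[0]] + BOOT_CHAIN[2:]

if __name__ == "__main__":
    for label, chain in [("unchanged", BOOT_CHAIN), ("tampered MBR", TAMPERED), ("reordered", REORDERED)]:
        print(label, "->", "key released" if try_boot(chain, SEALED) else "integrity check failed")
```

Because the extend rule chains every measurement into the next, a one-byte change or a change in load order anywhere in the chain yields a different final PCR value, and the key stays sealed until a recovery key is supplied.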
