vista does bitlocker make drive less tolerant bad bloc

(before anyone says anything - I know I need to have good backups of my data before embracing bitlocker)
Before BitLocker, if you lost a block, you may not notice a file loss, since the file may not use the whole sector in which the block resides, but after BitLocker, if a block is lost, a whole sector becomes unrecoverable, increasing (relatively) the probability that parts of files will be lost.
Is it reasonable to advise IT departments that, over the lifecycle of all their BitLocker laptops, they should not be surprised if there is a slight increase in incidents of file loss due to bad blocks.
And is it a reasonable compensating control to look into more closely monitoring SMART (Self Monitoring Analysis & Reporting Technology) reports of imminent drive failures?
Thanks!

You bring up some excellent points about the lost block/sector scenario! I guess we will, if we enable BitLocker on the systems, be more diligent in making sure that the units are functioning properly. In a way it is ironic. By making the system less tolerant of error, this actually increases the potential of failure and the IT staff workload. Have you submitted your thoughts to MSFT as Feedback?
"tavis" wrote in message

(before anyone says anything - I know I need to have good backups of my data before embracing bitlocker)
Before BitLocker, if you lost a block, you may not notice a file loss, since the file may not use the whole sector in which the block resides, but after BitLocker, if a block is lost, a whole sector becomes unrecoverable, increasing (relatively) the probability that parts of files will be lost.
Is it reasonable to advise IT departments that, over the lifecycle of all their BitLocker laptops, they should not be surprised if there is a slight increase in incidents of file loss due to bad blocks.
And is it a reasonable compensating control to look into more closely monitoring SMART (Self Monitoring Analysis & Reporting Technology) reports of imminent drive failures?
Thanks!

(I might have confused matters by using the term "block" - I didn't mean the blocks of cyphertext, or the unix-type block which are like Windows clusters, but we all know that clusters are typically groups of sectors...)
What I really meant was...
Before encryption, if a single bit of a 512-byte sector became damaged on a non-SMART hard drive, a file may not be damaged since the file may not use the whole sector in which the bad bit resides.
With Cypher Block Chaining, an AES 256-bit key would encrypt an entire sector in 32-byte blocks. If a bit in the sector is lost, the encrypted 32-byte block and all successive chained blocks in the sector would be lost. Given the probability of where a bit may go bad within a sector, on average 50% of a sector would be lost due to a bad bit.
However, if I understand correctly, most modern and SMART drives automatically have extra space for each sector to perform CRC integrity checks, and 20% extra sectors reserved for re-allocation. If a sector should start to fail, the entire sector is re-constituted in a spare sector, the old is mapped out, and the new takes over, completely transparently to the disk driver above.
"Mark D. VandenBerg" wrote:

You bring up some excellent points about the lost block/sector scenario! I guess we will, if we enable BitLocker on the systems, be more diligent in making sure that the units are functioning properly. In a way it is ironic. By making the system less tolerant of error, this actually increases the potential of failure and the IT staff workload. Have you submitted your thoughts to MSFT as Feedback?
"tavis" wrote in message (before anyone says anything - I know I need to have good backups of my data before embracing bitlocker)
Before BitLocker, if you lost a block, you may not notice a file loss, since the file may not use the whole sector in which the block resides, but after BitLocker, if a block is lost, a whole sector becomes unrecoverable, increasing (relatively) the probability that parts of files will be lost.
Is it reasonable to advise IT departments that, over the lifecycle of all their BitLocker laptops, they should not be surprised if there is a slight increase in incidents of file loss due to bad blocks.
And is it a reasonable compensating control to look into more closely monitoring SMART (Self Monitoring Analysis & Reporting Technology) reports of imminent drive failures?
Thanks!

This is a valid concern. With AES+Diffuser, a single bit error in a sector results in the loss of the entire sector. To ensure high reliability, I recommend the following considerations:
(1) Good quality hard disk. Using a modern SMART drive from a good company is apropriate. (2) Good quality cables. I think at times there's too much faith given to cables ;) (3) Good quality RAM, at least with parity, but with ECC even better.
These are good things to have anyway ;)
- Jamie Hunter [MS]
"tavis" wrote in message

(I might have confused matters by using the term "block" - I didn't mean the blocks of cyphertext, or the unix-type block which are like Windows clusters, but we all know that clusters are typically groups of sectors...)
What I really meant was...
Before encryption, if a single bit of a 512-byte sector became damaged on a non-SMART hard drive, a file may not be damaged since the file may not use the whole sector in which the bad bit resides.
With Cypher Block Chaining, an AES 256-bit key would encrypt an entire sector in 32-byte blocks. If a bit in the sector is lost, the encrypted 32-byte block and all successive chained blocks in the sector would be lost. Given the probability of where a bit may go bad within a sector, on average 50% of a sector would be lost due to a bad bit.
However, if I understand correctly, most modern and SMART drives automatically have extra space for each sector to perform CRC integrity checks, and 20% extra sectors reserved for re-allocation. If a sector should start to fail, the entire sector is re-constituted in a spare sector, the old is mapped out, and the new takes over, completely transparently to the disk driver above.
"Mark D. VandenBerg" wrote:
You bring up some excellent points about the lost block/sector scenario! I guess we will, if we enable BitLocker on the systems, be more diligent in making sure that the units are functioning properly. In a way it is ironic. By making the system less tolerant of error, this actually increases the potential of failure and the IT staff workload. Have you submitted your thoughts to MSFT as Feedback?
"tavis" wrote in message (before anyone says anything - I know I need to have good backups of my data before embracing bitlocker)
Before BitLocker, if you lost a block, you may not notice a file loss, since the file may not use the whole sector in which the block resides, but after BitLocker, if a block is lost, a whole sector becomes unrecoverable, increasing (relatively) the probability that parts of files will be lost.
Is it reasonable to advise IT departments that, over the lifecycle of all their BitLocker laptops, they should not be surprised if there is a slight increase in incidents of file loss due to bad blocks.
And is it a reasonable compensating control to look into more closely monitoring SMART (Self Monitoring Analysis & Reporting Technology) reports of imminent drive failures?
Thanks!