Understanding the Use of BitLocker Recovery Key on Removable Media
BitLocker (in all uses) has a master encryption key which is encrypted using keys based on several "protectors". Common protectors for system partitions are TPM, passphrase ("PIN"), file-based key, and so on. BitLocker can also be temporarily "suspended" by writing a plain-text protector to the volume. Across all use cases, the recovery key is an additional protector (it can be disabled if you want to, though you'll probably need to use the command-line manage-bde.exe tool to do it).
For any version of BitLocker where a PIN/passphrase protector is used, there's a risk of an attacker attempting to brute-force it. BitLocker has standard protections against this (mostly the use of an extremely slow password hashing function), which work both for online and offline attacks. However, in the case of online attacks, BitLocker can also respond to repeated incorrect password attempts by removing the PIN/passphrase protector (deleting the data necessary to derive the protection key for decrypting the master key, so that the master key cannot be recovered through that protector even if the correct password is later entered). While this doesn't stop somebody who imaged the BitLocker metadata before attempting their attack, or who is accessing the volume through a write-blocker, it does prevent casual attempts to break into an encrypted flash drive or external hard disk.
However, with the PIN/passphrase protector gone, you need some other protector if you want to ever decrypt the drive. That – in addition to "forgot password" cases – is what the recovery key is for. It also provides a long-term secret that can be thrown in a safe or something and doesn’t need to be updated even if you change the passphrase.
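The protector model described above, as an added illustrative example (not code from the original article, and not BitLocker's real on-disk format): one random master key is wrapped independently under each protector's key, a wrong passphrase is rejected by an integrity tag, too many online failures delete the passphrase protector, and changing the passphrase re-wraps only that protector while the recovery protector stays valid. The failure threshold MAX_FAILURES and the XOR-plus-HMAC wrap are assumptions of the model.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000   # models BitLocker's deliberately slow password hashing
MAX_FAILURES = 5          # assumed threshold; the article does not state the real one

def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS, 32)

def _wrap(master, kek):
    # One-time XOR wrap plus an HMAC tag, so a wrong key is detected instead of
    # silently yielding garbage. Every kek is fresh, so the pad is never reused.
    blob = bytes(a ^ b for a, b in zip(master, kek))
    return blob, hmac.new(kek, blob, "sha256").digest()

def _unwrap(blob, tag, kek):
    if not hmac.compare_digest(hmac.new(kek, blob, "sha256").digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(blob, kek))

class Volume:
    def __init__(self):
        self.master_key = secrets.token_bytes(32)  # never changes; every protector wraps it
        self.protectors = {}                       # name -> (salt, wrapped blob, tag)
        self.failures = 0

    def add_password(self, password):
        # Adding again with a new passphrase replaces only this protector.
        salt = secrets.token_bytes(16)
        blob, tag = _wrap(self.master_key, _derive(password, salt))
        self.protectors["password"] = (salt, blob, tag)
        self.failures = 0

    def add_recovery(self):
        key = secrets.token_bytes(32)  # stands in for the 48-digit recovery password
        blob, tag = _wrap(self.master_key, key)
        self.protectors["recovery"] = (b"", blob, tag)
        return key

    def remove_protector(self, name):
        self.protectors.pop(name, None)  # analogue of manage-bde -protectors -delete

    def unlock_with_password(self, password):
        if "password" not in self.protectors:
            return None
        salt, blob, tag = self.protectors["password"]
        master = _unwrap(blob, tag, _derive(password, salt))
        if master is None:
            self.failures += 1
            if self.failures >= MAX_FAILURES:  # online brute-force response from the article
                self.remove_protector("password")
            return None
        self.failures = 0
        return master

    def unlock_with_recovery(self, key):
        if "recovery" not in self.protectors:
            return None
        _, blob, tag = self.protectors["recovery"]
        return _unwrap(blob, tag, key)
```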