Yet another #BitLocker "exploit" circulating.
-
Yet another #BitLocker "exploit" circulating.
This is a friendly reminder that if you set your system to just unlock with TPM alone, the system is not protected against determined attacker. BitLocker with TPM cannot protect your system unless if you configure the system to request PIN as well.
-
Yet another #BitLocker "exploit" circulating.
This is a friendly reminder that if you set your system to just unlock with TPM alone, the system is not protected against determined attacker. BitLocker with TPM cannot protect your system unless if you configure the system to request PIN as well.
@harrysintonen if you need a pre-boot PIN to make BitLocker work, wouldn't using hardware full disk encryption just be a better option? If I have to input a password or PIN at boot I'd rather use what the hardware already provides rather than Microsoft's implementation.
-
@harrysintonen if you need a pre-boot PIN to make BitLocker work, wouldn't using hardware full disk encryption just be a better option? If I have to input a password or PIN at boot I'd rather use what the hardware already provides rather than Microsoft's implementation.
@gabrielesvelto Any solution that unlocks the encryption automatically without user having to provide "something you know" (*) is vulnerable to attacks by definition.
*) "something you have" may be good enough, for example some token or USB key. In this case you need to accept the risk of the attacker gaining access to the token, however.
-
R relay@relay.infosec.exchange shared this topic
