Microsoft’s Bitlocker & TPM encryption combo defeated with a $10 Raspberry Pi::The point of Microsoft’s Bitlocker security feature is to protect personal data stored locally on devices and particularly when those devices are lost or otherwise physically compromised. With Bi

  • n2burns@lemmy.ca
    link
    fedilink
    English
    arrow-up
    24
    ·
    9 months ago

    Isn’t the whole point of BitLocker protection from direct access? When a computer is turned off, encryption should keep the data safe. Also when a computer is turned off, basically no remote vector is going to work. AFAIK, when the computer is on, the drive is mounted and BitLocker provides no additional protection over an unencrypted drive.

      • ryannathans
        link
        fedilink
        English
        arrow-up
        2
        ·
        9 months ago

        Veracrypt drive encryption does not have the same problem, it would be secure even with physical access

          • ryannathans
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            1
            ·
            9 months ago

            Yeah, it’s safe because of no TPM usage. You can boot from an encrypted drive, it’ll prompt for the key instead of auto loading from vulnerable hardware

            • Natanael@slrpnk.net
              link
              fedilink
              English
              arrow-up
              3
              ·
              9 months ago

              Bitlocker supports the same usecase, but everybody wants that automatic boot feature so…

              It also lets you store a secondary key on a server and require the computer to be on trusted networks to be able to retrieve it to boot, but I’ve never ever heard of anybody using that

              • ryannathans
                link
                fedilink
                English
                arrow-up
                2
                ·
                9 months ago

                Pretty sure it uploads the key to microsoft servers when you do that

                • Natanael@slrpnk.net
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  ·
                  9 months ago

                  That’s the default, but you can block it in the command line configuration tool