agentQ 2592173d
Didn't know this. But it sounds like it can happen if the machine was physically stolen. What are the chances of stealing data from Bitlocker remotely? Like through an installed backdoor after a phishing attack?
bittersweet 34951173d
@agentQ Bitlocker (in theory) prevents thieves and malicious authorities from removing the drive from the laptop, plugging it into a different device, and then reading the contents.
An unencrypted drive allows you to do that, even if the OS has a password (that's just for entering the OS, and doesn't protect data).
You could view a TPM as a "password lengthener". You could encrypt your harddrive with the password "7777", and the TPM turns that into "777719ae4e5d2c09e8c6144cac0ee663...." (not literally, but you get the idea). You enter the short PIN, the chip makes it more secure.
TPM chips are supposed to be tamper-proof, really good at keeping that "19ae4e5d2c09e...." part secret.
Bitlocker doesn't even require the "7777" part, and hardware TPM chips aren't that great at keeping secrets.
So the better option is full disk encryption using a very very LONG password that's easy to remember, like "sothebetteroptionisfulldiskencryptionusingaveryverylongpasswordthatseasytoremember"
Also, full disk encryption only protects against data access AFTER power-down.
Once you enter your decryption key, your disk is accessed continuously by the OS. The TPM still might have a say about decrypting data, but things which are loaded from disk to memory could potentially be a free-for-all-feast, depending on vulnerabilities in the operating system.
As long as your system is ON, it's only as strong as your operating system's lockscreen, and network access, and memory protection, and firmware for external ports, and.... so many points of failure.
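A toy model of the "password lengthener" idea from the comment above, added here as an example and not part of anyone's post. It shows how much guessing work protects the key while the chip's secret stays secret, and how little is left once it leaks. The KDF, iteration count, function names and device secret are assumptions made for illustration, not BitLocker's actual key hierarchy.

```python
import hashlib
import hmac
import math

# Constructed stand-in for the secret a TPM would keep inside the chip.
DEVICE_SECRET = hashlib.sha256(b"constructed demo device secret").digest()
ITERATIONS = 100  # kept low so the demo runs quickly; real KDFs use far more


def derive_key(pin: str, device_secret: bytes) -> bytes:
    """Toy 'lengthener': stretch a short PIN with the chip-held secret."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), device_secret, ITERATIONS)


def search_space_bits(pin_digits: int, unknown_secret_bytes: int) -> float:
    """Bits of work to guess the key when this much of the secret is unknown."""
    return pin_digits * math.log2(10) + 8 * unknown_secret_bytes


def recover_pin(disk_key: bytes, leaked_secret: bytes, digits: int = 4):
    """What is left once the chip's secret has leaked: try every PIN."""
    for n in range(10 ** digits):
        pin = f"{n:0{digits}d}"
        if hmac.compare_digest(derive_key(pin, leaked_secret), disk_key):
            return pin
    return None


if __name__ == "__main__":
    key = derive_key("7777", DEVICE_SECRET)
    print("secret stays in chip :", round(search_space_bits(4, 32), 1), "bits")
    print("secret has leaked    :", round(search_space_bits(4, 0), 1), "bits")
    print("PIN found by search  :", recover_pin(key, DEVICE_SECRET))
```
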
Brolls 3884157d
See now, these attacks are good on paper, but bitch, how often is your garden variety thief going to know this / have the know-how or even know someone who could do this?
And even more important, how likely is it that the average laptop is going to be worth doing this to?
Honestly, sometimes these attacks feel like “sacrifice three albino virgins to the dark lord at the stroke of midnight while hopping on one foot chanting the Macarena backwards”