We all knew it was going to be this dumb, but today I'm here to tell you it *is* this dumb and I just implemented it.
Show this thread
Anyway, if you rely on BitLocker in TPM mode (boot without PIN), you should know that anyone can steal your computer, sniff 32 bytes off of the LPC bus, stick them into libbde, and decrypt your disk. Yes, it's that easy. Solder 7 wires to $favorite_fpga_board, decrypt drive.
-
-
-
Also many computers (e.g. anything with an external TPM module, but also the many that have LPC on a debug or other extension port) have headers for LPC, so then you don't even need to solder anything.
Show this thread
End of conversation
New conversation -
-
-
that was kinda known tho, that's why MS recommends to use password/pin to unlock the drives, in addition to using TPM
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
I never understood what security TPM BitLocker without PIN or password offered in the first place. If someone steals your computer, how does the TPM know it was stolen? Surely it just boots up and decrypts as normal.
-
The idea is that you have a login password and the TPM makes it slightly harder to compromise the boot process to bypass it. But only slightly.
- Show replies
New conversation -
-
-
I wish chassis intrusion detection would wipe the tpm automatically
-
What you want is an HSM, not a TPM.
- Show replies
New conversation -
-
-
Zen and 14nm Intel chips all have the LPC problem and it affects UEFI and some Intel stuff too... I'm one of those people who kept using TrueCrypt after everyone quit do to the original author being politically incorrect..
-
Do you still use TrueCrypt or have you tried the
@VeraCrypt_IDRIX replacement?
End of conversation
New conversation -
-
-
I'm glad I use avast
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.