this post was submitted on 07 Feb 2024
681 points (97.5% liked)

Technology

73698 readers
3421 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
681
BitLocker encryption broken in less than 43 seconds with sub-$10 Raspberry Pi Pico — key can be sniffed when using an external TPM (www.tomshardware.com)
submitted 2 years ago by throws_lemy@lemmy.nz to c/technology@lemmy.world
54 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] smileyhead@discuss.tchncs.de -3 points 2 years ago (1 children)

Solution: Just encrypt it with a password.

[–] BaroqueInMind@kbin.social 30 points 2 years ago (2 children)

Bit locker is a password controlled drive encryption. Am I being dumb or are you seriously saying that?

[–] tias@discuss.tchncs.de 24 points 2 years ago* (last edited 2 years ago) (1 children)

I guess they mean use the password as part of the encryption key, or encrypt the key with the password. Bitlocker doesn't use the user's password in that way, which is why it can boot an encrypted system without user interaction. That part always seemed very sketchy to me.

[–] d3Xt3r@lemmy.nz 11 points 2 years ago (1 children)

FYI: You can set it to require a PIN + TPM, or even just a password eg using manage-bde -on c: -password.

https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/manage-bde-on

[–] tias@discuss.tchncs.de 3 points 2 years ago (1 children)

Thanks, that sounds really useful. I'm guessing it won't work unless you're local admin though.

[–] d3Xt3r@lemmy.nz 4 points 2 years ago (1 children)

Yep, you'll need local admin of course.

[–] tias@discuss.tchncs.de -2 points 2 years ago* (last edited 2 years ago) (1 children)

Which kind of makes it useless in many corporate environments where it's most needed, since the users won't be able to set their own password.

[–] d3Xt3r@lemmy.nz 5 points 2 years ago (2 children)

I mean, if it's a corporate device then it's really a policy IT should be setting - this can be easily be done via a GPO or Intune policy, where an elevated script can prompt the end-user for a password.

[–] LifeInMultipleChoice@lemmy.world 2 points 2 years ago* (last edited 2 years ago)

Yarp. And when they forget it we use the 48 numerical recovery key found using the recovery ID that shows on the screen when you hit escape (from the bitlocker screen)