undefined | Better HN

0 pointsburan771y ago0 comments

The attacker must be able to fake any pre-boot drive unlock screen and OS login screen to look exactly as the user's real screens but accept any password.

Legend goes that security oriented people will visually customize their machines with stickers (and their associated aging patina) and all kinds of digital cues on the different screens just to recognize if anything was changed.

MS chose to impose TPM because it allows encryption without interactive password typing (BitLocker without PIN or password which is what most machines are running). That's it. The users get all the convenience of not having to type extra passwords when the machine starts, and some (not all) of the security offered by encryption. Some curious thief can't just pop your drive into their machine and check for nudes. The TPM is not there to protect against NSA, or proverbial $5 wrench attacks but as a thick layer of convenience over the thinner layer of security.

0 comments

Topfi1y ago

> Legend goes that security oriented people will visually customize their machines with stickers (and their associated aging patina) and all kinds of digital cues on the different screens just to recognize if anything was changed.

Maybe I am mistaken, but I feel that the people going to such lengths to ward off an attacker and the people who’d want to rely on fTPM with Bitlocker over FOSS full disk encryption with a dedicated passphrase are two entirely separate circles.

> The TPM is not there to protect against NSA, or proverbial $5 wrench attacks but as a thick layer of convenience over the thinner layer of security.

I agree with you there, it is convenience, not security, but as such, should it be any more mandatory than any other convenience feature such as Windows Hello via fingerprint or IR? I’d argue only for newly released hardware, but don’t make that mandatory for existing systems.

Especially since I had one case where fTPM was not recognized, no matter what I did, despite it being enabled in the UEFI and showing up in Windows 10 and on Linux, I could not install 11.

buran77OP1y ago

> the people going to such lengths to ward off an attacker and the people who’d want to rely on fTPM with Bitlocker over FOSS full disk encryption with a dedicated passphrase are two entirely separate circles.

Bitlocker + PIN/password (hence my mention of a pre-boot password) is a good combination that isn't any worse than any "FOSS full disk encryption". Beyond the catchy titles of "Bitlocker hacked in 30s" is the reality that it takes just as many seconds to make it (to my knowledge) unhackable by setting a PIN or password.

Adding the (f)TPM improves the security because you don't just encrypt the data, you also tie it to that TPM, and can enforce TPM policies to place some limits on the decryption attempts.

> it is convenience, not security

It's convenience and (some) security by default. Not great security but good enough for most of those millions of Windows users. The security was the mandatory part, encrypting the storage by default. The convenience was added on top to get the buy-in for the security, otherwise people would complain or worse, disable the encryption. Whoever wants to remove that convenience and turn it into great security sets a PIN.

j / k navigate · click thread line to collapse