It is designed to protect data by providing encryption for entire volumes. On older versions of Windows like Vista and 7 this feature can only work with a TPM chip.

So Why not BitLocker

First and foremost, BitLocker is proprietary software that was never publicly audited, created by a company that falls under US law and hence has to obey National Security Letters; see the Lavabit case for an example of how that can play out. Encryption software of any kind should therefore always be open source. That is not a guarantee for it being secure, as the cases of Heartbleed and Apple's GotoFail show, but being open source is a necessary precondition for it to be considered secure at all.

BitLocker does not really care for security

As shown by the cases below, Microsoft in the past did not show the necessary due diligence when developing BitLocker, leaving users to be easily compromised. BitLocker is clearly a product for enterprises, designed to be easily manageable at the expense of security. It provides a commercially accepted solution to delegate the responsibility for customer data protection to "someone else". It is not suitable to protect sensitive personal data, or confidential trade secrets, from a skilled or resourceful adversary.

Starting with Windows 8 (and Server 2012) BitLocker got a feature, enabled by default, that allows the cryptographic operations of BitLocker encryption to be offloaded to the storage device's hardware. However, Microsoft did not care to audit the various Self-Encrypting Drives (SEDs), hence leaving millions of its users with practically no security whatsoever. At the CCC in December 2018, during the talk "Self-encrypting deception", independent security researchers demonstrated live on stage how to bypass the hardware encryption of many SSD models using a ~20€ programmer/debugger, demonstrating that for the past 6 years users of BitLocker and such drives were entirely compromised and did not even know it. To alleviate this issue the user would have to know about it and use a Group Policy to disable this feature. It took Microsoft until late 2019 to change the preset and by default no longer trust SEDs.

Case #2 - TPMs can't be trusted

By default, Microsoft BitLocker uses the Trusted Platform Module (TPM) to manage the keys, if one is present. Sounds good until you realize that you can sniff the LPC bus and extract the volume master key; now isn't that handy. The issue with TPMs gets a bit more complicated: modern PCs often no longer come with a dedicated hardware TPM; instead this feature is provided by the chipset.
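As an added example that is not part of the original post, the following PowerShell audit checks both halves of the SED problem described above: whether the "Configure use of hardware-based encryption" policies are set to Disabled, and whether any existing BitLocker volume still reports Hardware as its encryption method. It assumes the BitLocker PowerShell module (Windows 8 / Server 2012 or later) and an elevated shell; the three FVE registry value names are the ones those policies write.

```powershell
# Added example (not from the original post): audit whether this machine still
# relies on the drive's own (SED) hardware encryption for any BitLocker volume.
# Assumes Windows 8+/Server 2012+ with the BitLocker module; run elevated.

# Policy values under Computer Configuration > Administrative Templates >
# Windows Components > BitLocker Drive Encryption > "Configure use of
# hardware-based encryption for ... drives". A value of 0 forbids it.
$policyValues = @{
    'OSHardwareEncryption'  = 'Operating system drives'
    'FDVHardwareEncryption' = 'Fixed data drives'
    'RDVHardwareEncryption' = 'Removable data drives'
}
$fvePolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

function Get-HardwareEncryptionPolicy {
    foreach ($name in $policyValues.Keys) {
        # $null means "Not Configured": on builds before the late-2019 change
        # that default allowed the drive to do the encryption itself.
        $value = (Get-ItemProperty -Path $fvePolicyKey -Name $name `
                    -ErrorAction SilentlyContinue).$name
        [pscustomobject]@{
            DriveClass                = $policyValues[$name]
            PolicyValue               = $value
            HardwareEncryptionBlocked = ($value -eq 0)
        }
    }
}

function Get-VolumesUsingHardwareEncryption {
    # EncryptionMethod is 'Hardware' when BitLocker delegated to the SED.
    Get-BitLockerVolume |
        Where-Object { $_.EncryptionMethod -eq 'Hardware' } |
        Select-Object MountPoint, VolumeType, ProtectionStatus, EncryptionMethod
}

Write-Host '== Hardware-encryption policy state =='
Get-HardwareEncryptionPolicy | Format-Table -AutoSize

Write-Host '== Volumes whose encryption is delegated to the drive (SED) =='
$sedVolumes = Get-VolumesUsingHardwareEncryption
if ($sedVolumes) {
    $sedVolumes | Format-Table -AutoSize
    Write-Warning 'Confidentiality of these volumes depends on the SSD firmware.'
} else {
    Write-Host 'No volume is using hardware encryption.'
}
```

Setting the policy to Disabled only affects future encryption: a volume already encrypted by the drive keeps that state until it is decrypted and re-encrypted in software.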