by e12e 2661 days ago
This is excellent. I've been wondering/troubled about the ease of use of BitLocker. Nice to get confirmation that standard BitLocker is rubbish against real attackers.

Sad, however, that the only additional defense appears to be "more blind trust in hardware" and no option for a key derived from a passphrase.

We know from the Xbox hack that keys in cheap hw aren't secure (enough).

1 comments

You actually can configure BitLocker to accept a passphrase instead, but the option isn't easy to find.

https://www.windowscentral.com/how-use-bitlocker-encryption-...

Now that you mention it, I was actually aware of this possibility. But it feels a little counter-intuitive to disable security hw in order to get secure encryption.

I consider it a pretty awful state when, to get what you probably want (no way to decrypt drive contents based only on what you get when you steal a laptop), the user has to go through extra work.

I suppose I can understand the preference for a "secure" key storage protected by a PIN over a complex pass-phrase. But I don't understand why it's easy (or even possible) to activate BitLocker with a largely unprotected key in "safe" storage.