by nutto 1315 days ago
BitLocker does this much better. With TPM+PIN mode, the TPM will only decrypt the volume master key if all the right hashes are in the platform configuration registers for the BIOS, option ROMs, MBR, filesystem headers and bootloader, and the user-specified PIN is correct. Or if you enter the 128-bit recovery key.

The BSDs and Linux have a lot of catching up to do.

2 comments

>The BSDs and Linux have a lot of catching up to do.

Stop putting every BSD in the same basket.

Also, this is Unix, you can put encrypted slices/partitions with ease. You can omit to encrypt the system files and encrypt the data and config partitions.

But FDE avoids tampering.

So if your motherboard needs to be replaced you can't recover your data? Nice!

It's effectively just multiple key protectors. TPM+PIN is one way to protect the data encryption key. You can also back up the actual encryption key (which is the recovery key). You can also add a password that protects the key or back the key up to an online Microsoft account or enterprise Active Directory account.

The actual encryption key for the volume data isn't the recovery key, it's the FVEK (full volume encryption key), which is encrypted using the VMK (volume master key).

The recovery key is a 128-bit value (entered as 8 groups of 7 digits, each of which when divided by 11 gives a 16-bit value, where a non-zero remainder indicates the group has been incorrectly entered) which gets hashed repeatedly, with a salt, to derive a 256-bit key that decrypts a copy of the VMK.
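
The per-group check described in the comment above, as an added example that is not part of the original thread and is not BitLocker's own code. It reports which groups fail the divide-by-11 rule and packs the eight 16-bit values into 16 bytes; the function names, the little-endian packing and the sample key are assumptions made for this illustration, and group length is deliberately not enforced.

```python
import re

GROUPS = 8      # 8 groups x 16 bits = 128 bits, as the comment describes
DIVISOR = 11    # each group must be an exact multiple of 11

# Constructed sample (not a real recovery key): each group is 11 * a 16-bit value.
SAMPLE = "135795-720885-110000-360448-220000-550000-330000-440000"


def split_groups(text):
    """Split on dashes or whitespace and require exactly GROUPS groups."""
    groups = [g for g in re.split(r"[-\s]+", text.strip()) if g]
    if len(groups) != GROUPS:
        raise ValueError(f"expected {GROUPS} groups, got {len(groups)}")
    return groups


def group_value(group):
    """Return the 16-bit value for one group, or None if the group is invalid."""
    if not re.fullmatch(r"[0-9]+", group):
        return None
    quotient, remainder = divmod(int(group), DIVISOR)
    # Non-zero remainder means a typo; a quotient above 0xFFFF cannot be 16 bits.
    if remainder != 0 or quotient > 0xFFFF:
        return None
    return quotient


def find_bad_groups(text):
    """1-based positions of groups that fail the check, so a UI can flag them."""
    return [i for i, g in enumerate(split_groups(text), 1) if group_value(g) is None]


def decode_recovery_key(text):
    """Return the 16 raw bytes, or raise ValueError naming the bad groups."""
    bad = find_bad_groups(text)
    if bad:
        raise ValueError(f"groups failing the divide-by-11 check: {bad}")
    # Assumption: each 16-bit value is packed little-endian, in entry order.
    return b"".join(group_value(g).to_bytes(2, "little") for g in split_groups(text))


if __name__ == "__main__":
    print(decode_recovery_key(SAMPLE).hex())
    typo = SAMPLE.replace("110000", "110001")
    print("bad groups after a one-digit typo:", find_bad_groups(typo))
```

Because the check is per group, a mistyped digit can be pinned to the group it occurred in before any key derivation is attempted.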

No, you would use the recovery key in that scenario.

And we're back to the problem of having to store some rarely used credential somewhere.

So you... put it in a USB drive then dig it out 5 years later and discover it's dead and you're fucked.

That is indeed a worst case event to be wary of and avoid, for any secret data that one may need to retrieve infrequently.

But my original point was that sealing the key to the TPM is better because it prevents adversaries from accessing the volume data by tampering with the boot chain, and provides a lockout where there are too many failed PIN attempts.

The bruteforce attack described by the author wouldn't have been possible on a BitLocker volume that was set up with TPM+PIN.