[PhilipRoman]

>something you know (password)

Conveniently saved in your browser :) Might not be easy to extract from a logged-out device, but grabbing the device quickly can bypass both "factors" simultaneously.

Makes me wonder how functions like CryptProtectData protect against physical disk access with hex editor. The hash of the login password can be changed to anything and obviously they cannot access the actual password since it should be destroyed after hashing. So unless TPM is involved I don't see how it can be secure.

[Dylan16807]

> Makes me wonder how functions like CryptProtectData protect against physical disk access with hex editor. The hash of the login password can be changed to anything and obviously they cannot access the actual password since it should be destroyed after hashing. So unless TPM is involved I don't see how it can be secure.

It derives a key from your password when you log in. Changing the authentication hash will only let you log in, not figure out what the key was.

[PhilipRoman]

Oh that's smart, not storing the password anywhere but using the user as an input source for it.

[withinboredom]

Even if the TPM is involved, it can be cracked. But as with any hack, once someone has physical access to your computer, all bets are off.

The odds of someone stealing your computer to hack into your accounts instead of simply selling it on eBay are practically zero for most people.

[fragmede]

can it really? the abilities of TLAs is unknown, but RSA with a properly sized key isn't known to have many weaknesses. that doesn't mean there aren't any sidechannel attacks but your average thief isn't going to be able to break into an encrypted hard drive on any reasonable amount of time, even if they have physical possession of the device. Or so I'm lead to believe. if you have evidence to the contrary, I'd love to hear!

[withinboredom]

https://hackaday.com/2024/02/06/beating-bitlocker-in-43-seco...

:)