by layer8 37 days ago
Better writeup: https://infosec.exchange/@wdormann/116565129854382214

The published exploit doesn’t affect BitLocker with a PIN, without which BitLocker isn’t secure anyway. The original author claims they have an exploit that also works with a PIN, but hasn’t provided any proof of that.


Does your company require the PIN? Or more importantly, does the company that your company pays for cyber insurance require the PIN?

I have never seen a company where they require the PIN for BitLocker.

My employer does, and 10 digits (very large software company).

It is a mandatory requirement for many Department of Defense contractors. It matters what systems your company interacts with here, as that creates the requirement. The bigger ones just mandate it to save headaches.

Assuming that the PIN version claim is true, it's interesting to think why they would've released a nerfed, useless version rather than the PIN version. I have some ideas, but they're completely baseless.

And there is a level above PIN with BitLocker too: you can have a USB stick with a key on it which you use only during boot. I would imagine that is secure from this attack, as the data isn't even stored on the device (I hope).
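The thread keeps coming back to the same practical question: is the OS volume protected by TPM only, or by TPM plus a PIN or startup key? The following PowerShell is an added example, not code from the thread or from the linked writeup. It uses the real BitLocker module cmdlets (Get-BitLockerVolume, Add-BitLockerKeyProtector, Remove-BitLockerKeyProtector) to list the key protectors on each OS volume, flag TPM-only configurations, read the "Require additional authentication at startup" policy values under HKLM\SOFTWARE\Policies\Microsoft\FVE, and optionally replace a bare TPM protector with a TPM+PIN protector. The interpretation of the policy values (0 = do not allow, 1 = require, 2 = allow) is my reading of the policy template and is an assumption; it must be run elevated, and you should confirm a backed-up recovery password exists before touching protectors on a live machine.

```powershell
# Added audit/remediation script (not from the thread). Requires the BitLocker
# PowerShell module (Windows 10/11, Server) and an elevated session.

function Get-BitLockerStartupAuth {
    # Protector types that require a second factor at boot (KeyProtectorType enum).
    $strongTypes = @('TpmPin', 'TpmStartupKey', 'TpmPinStartupKey')

    foreach ($vol in Get-BitLockerVolume | Where-Object { $_.VolumeType -eq 'OperatingSystem' }) {
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        $hasTpmOnly = $types -contains 'Tpm'
        $hasSecond  = @($types | Where-Object { $strongTypes -contains $_ }).Count -gt 0
        $hasRecovery = $types -contains 'RecoveryPassword'

        [PSCustomObject]@{
            MountPoint        = $vol.MountPoint
            ProtectionStatus  = $vol.ProtectionStatus
            Protectors        = ($types -join ', ')
            # TPM-only: the volume key is released to any boot path that passes the
            # TPM's PCR policy, with no user secret involved.
            TpmOnlyBoot       = ($hasTpmOnly -and -not $hasSecond)
            HasRecoveryPwd    = $hasRecovery
        }
    }
}

function Get-BitLockerPinPolicy {
    # Group Policy "Require additional authentication at startup" writes these values.
    # Assumed semantics: 0 = do not allow, 1 = require, 2 = allow.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    if (-not (Test-Path $key)) { return [PSCustomObject]@{ PolicyConfigured = $false } }
    $p = Get-ItemProperty -Path $key
    [PSCustomObject]@{
        PolicyConfigured   = $true
        UseAdvancedStartup = $p.UseAdvancedStartup
        UseTPM             = $p.UseTPM        # 1 here would *require* TPM-only, 0 forbids it
        UseTPMPIN          = $p.UseTPMPIN     # 1 = PIN required with TPM
        UseTPMKey          = $p.UseTPMKey     # startup key on removable media
        UseTPMKeyPIN       = $p.UseTPMKeyPIN  # startup key plus PIN
        MinimumPIN         = $p.MinimumPIN
        UseEnhancedPin     = $p.UseEnhancedPin
    }
}

# Remediation for a TPM-only OS volume: drop the bare TPM protector, then add
# TPM+PIN. Only one TPM-based protector is allowed per volume, so the bare one is
# removed first; the recovery password protector stays as the fallback.
function Set-BitLockerTpmPin {
    param(
        [string]$MountPoint = 'C:',
        [Parameter(Mandatory)][SecureString]$Pin
    )
    $before = Get-BitLockerStartupAuth | Where-Object { $_.MountPoint -eq $MountPoint }
    if (-not $before.HasRecoveryPwd) {
        throw "No RecoveryPassword protector on $MountPoint; add and back one up before changing boot protectors."
    }
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    foreach ($kp in $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'Tpm' }) {
        Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $kp.KeyProtectorId | Out-Null
    }
    Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndPinProtector -Pin $Pin | Out-Null
    Get-BitLockerStartupAuth | Where-Object { $_.MountPoint -eq $MountPoint }
}

Get-BitLockerStartupAuth | Format-Table -AutoSize
Get-BitLockerPinPolicy
# To enforce a PIN on the system drive (prompts for the PIN, must run elevated):
# Set-BitLockerTpmPin -MountPoint 'C:' -Pin (Read-Host -AsSecureString 'New BitLocker PIN')
```

The audit output is what an insurer or DoD-contract reviewer is actually asking about: a row with TpmOnlyBoot set to True means the machine boots with no user secret, which is the configuration the linked exploit is described as affecting. The remediation deliberately refuses to run without a recovery password protector, because removing the TPM protector first leaves the volume bootable only via recovery until the TPM+PIN protector is added.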