That is indeed a worst-case event to be wary of and avoid, for any secret data that one may need to retrieve infrequently.
But my original point was that sealing the key to the TPM is better because it prevents adversaries from accessing the volume data by tampering with the boot chain, and provides a lockout where there are too many failed PIN attempts.
The brute-force attack described by the author wouldn't have been possible on a BitLocker volume that was set up with TPM+PIN.
ilyt|3 years ago
So you... put it in a USB drive, then dig it out 5 years later and discover it's dead and you're fucked.
nutto|3 years ago
But my original point was that sealing the key to the TPM is better because it prevents adversaries from accessing the volume data by tampering with the boot chain, and provides a lockout where there are too many failed PIN attempts.
The brute-force attack described by the author wouldn't have been possible on a BitLocker volume that was set up with TPM+PIN.
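The configuration nutto is describing, as an added example that is not part of the thread or of any commenter's own setup: an elevated PowerShell script that audits a BitLocker volume's key protectors, retires a bare TPM protector (which releases the volume master key automatically whenever the measured boot chain matches the sealed PCR policy, with no user secret involved), replaces it with a TPM+PIN protector, and then shows the PCR binding and the TPM's own lockout counters. It uses only cmdlets that ship with Windows (the BitLocker and TrustedPlatformModule modules plus manage-bde). The mount point `C:` and the registry policy values written under `HKLM\SOFTWARE\Policies\Microsoft\FVE` (0 = do not allow, 1 = require, 2 = allow, as in the BitLocker ADMX) are assumptions for the example; the claim that only one TPM-based protector can exist per volume is also stated here as an assumption, which is why the old protector is removed before the new one is added.

```powershell
# Added example, not code from the thread. Run from an elevated PowerShell.
# Assumes: BitLocker module, TrustedPlatformModule module, manage-bde (all in-box).
param(
    [string]$MountPoint = "C:"   # assumed mount point
)

# 1. Audit: what protectors does the volume currently have?
$vol   = Get-BitLockerVolume -MountPoint $MountPoint
$types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })
Write-Host "Volume $MountPoint protectors: $($types -join ', ')"

# 2. Group Policy must permit a PIN before a TPM+PIN protector can be added.
#    Values assumed from the BitLocker ADMX: 0 = do not allow, 1 = require, 2 = allow.
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
if (-not (Test-Path $fve)) { New-Item -Path $fve -Force | Out-Null }
Set-ItemProperty -Path $fve -Name 'UseAdvancedStartup' -Value 1 -Type DWord
Set-ItemProperty -Path $fve -Name 'UseTPMPIN'          -Value 1 -Type DWord  # require TPM+PIN
Set-ItemProperty -Path $fve -Name 'UseTPM'             -Value 0 -Type DWord  # disallow TPM-only

if (($types -contains 'Tpm') -and -not ($types -contains 'TpmPin')) {
    Write-Warning "TPM-only protector found on $MountPoint; converting to TPM+PIN."

    # 3. Never change protectors without an escrowed recovery password: a forgotten
    #    PIN or a TPM lockout otherwise means the data is gone (the USB-key failure
    #    mode from the thread, in a different form).
    if (-not ($types -contains 'RecoveryPassword')) {
        Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    }
    $rp = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
          Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } | Select-Object -First 1
    Write-Host "Recovery password (escrow this, e.g. Backup-BitLockerKeyProtector): $($rp.RecoveryPassword)"

    # 4. Assumption: only one TPM-based protector is allowed per volume, so the
    #    bare TPM protector is removed first. The volume stays unlocked while this
    #    runs, and the recovery password above covers the brief window in between.
    (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'Tpm' } |
        ForEach-Object {
            Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $_.KeyProtectorId | Out-Null
        }

    # 5. Seal the key to the TPM *and* a pre-boot PIN. The TPM will not release the
    #    VMK without both the expected PCR values and the PIN, so a booted-from-
    #    elsewhere or patched boot chain gets nothing, and guessing the PIN is
    #    throttled by the TPM's anti-hammering logic, not by software.
    $pin = Read-Host -Prompt "Enter new pre-boot PIN" -AsSecureString
    Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndPinProtector -Pin $pin | Out-Null
}

# 6. Verify: the protector list now shows "TPM And PIN" with its PCR Validation
#    Profile (the boot-chain measurements the key is sealed against).
manage-bde -protectors -get $MountPoint

# 7. The lockout state lives in the TPM itself; LockedOut/LockoutCount/LockoutMax
#    are what stop a PIN brute-force at the pre-boot prompt.
Get-Tpm | Select-Object TpmReady, LockedOut, LockoutCount, LockoutMax
```

After a reboot the machine prompts for the PIN before Windows loads; if the firmware, bootloader or boot configuration has been altered, the PCR values no longer match the sealed policy and BitLocker falls back to the recovery password instead of releasing the key, which is exactly the behaviour the comment above relies on.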