
nutto | 3 years ago

That is indeed a worst case event to be wary of and avoid, for any secret data that one may need to retrieve infrequently.

But my original point was that sealing the key to the TPM is better because it prevents adversaries from accessing the volume data by tampering with the boot chain, and provides a lockout where there are too many failed PIN attempts.

The brute-force attack described by the author wouldn't have been possible on a BitLocker volume that was set up with TPM+PIN.
