←back to thread

Bypassing disk encryption on systems with automatic TPM2 unlock

(oddlama.org)

189 points arjvik | 1 comments | 17 Jan 25 03:00 UTC | HN request time: 0s | source

Show context

acheong08 ◴[17 Jan 25 04:12 UTC] No.42733994[source]▶

>>42733640 (OP) #

I don't understand why anyone would use passwordless disk encryption. It just seems inherently vulnerable, especially with the threat model of physical compromise.

Entering a password on boot isn't even that much work

replies(19): >>42734012 #>>42734073 #>>42734132 #>>42734171 #>>42734304 #>>42734370 #>>42734375 #>>42734397 #>>42734516 #>>42734734 #>>42734841 #>>42734892 #>>42734925 #>>42735445 #>>42736160 #>>42739068 #>>42740673 #>>42741392 #>>42742256 #

1. userbinator ◴[17 Jan 25 05:24 UTC] No.42734370[source]▶

Between consciously encrypting with a user-supplied password, and not encrypting at all, automatic encryption seems more like a nuisance/hazard for recovery than anything else.

Consciously encrypting with a password implies an understanding of the risk of permanent loss. Leaving it unencrypted implies an understanding of the risk of disclosure. Having your drive silently encrypted feels like the worst of both worlds. "I never encrypted or locked it, what do you mean my data is encrypted and gone forever!?"