189 points arjvik | 1 comments
acheong08 No.42733994
I don't understand why anyone would use passwordless disk encryption. It just seems inherently vulnerable, especially with the threat model of physical compromise.

Entering a password on boot isn't even that much work.

Hakkin No.42734132
If a disk is encrypted, you don't have to worry about the contents if you eventually have to RMA or dispose of the disk. For this use case, it makes no difference how the encryption key is input.
megous No.42735538
Encrypted data are noise now, maybe, but may be decryptable in the future with advances in computing.

So all this depends on what you worry about.

HPsquared No.42737310{3}
Most of this concern is around certain public key cryptography algorithms which depend on math problems being extremely hard to solve but could in theory be mathematically solved (decrypted without the key) with a good enough quantum computer.

Disk encryption (AES etc.) is symmetric, and still only brute force would work, which can be made infeasible with a long enough key.

Avamander No.42738213{4}
Brute-forcing symmetric encryption is a somewhat silly concept anyways, because each decryption is equally valid.
1. tibordp No.42738267{5}
That's only true for information-theoretically secure algorithms like one-time pad. It's not true for algorithms that are more practical to use like AES.
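
The distinction drawn in the last two comments, as an added example that is not part of the thread: with a key shorter than the message, an exhaustive key search leaves one recognisable plaintext, while a one-time pad ciphertext can be "decrypted" to any text of the same length. Assumptions: Python's standard library has no AES, so a SHA-256 counter-mode keystream with a 16-bit key stands in for a short-key cipher, printable ASCII stands in for "recognisable plaintext", and all names and sample messages are constructed for illustration.

```python
import hashlib

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keystream(key: bytes, n: int) -> bytes:
    # Stand-in for AES-CTR (assumption): SHA-256 over key || counter.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def toy_crypt(key: bytes, data: bytes) -> bytes:
    # XOR stream cipher: the same call encrypts and decrypts.
    return xor(data, keystream(key, len(data)))

def looks_like_text(pt: bytes) -> bool:
    # Redundancy check: real plaintext is printable ASCII, noise is not.
    return all(32 <= b < 127 for b in pt)

def brute_force(ct: bytes, key_bytes: int = 2) -> list:
    # Try every key; keep only decryptions that pass the redundancy check.
    hits = []
    for k in range(256 ** key_bytes):
        key = k.to_bytes(key_bytes, "big")
        pt = toy_crypt(key, ct)
        if looks_like_text(pt):
            hits.append((key, pt))
    return hits

def otp_key_for(ct: bytes, wanted: bytes) -> bytes:
    # One-time pad: some key maps the ciphertext to ANY same-length text,
    # so the ciphertext alone cannot single out the real message.
    return xor(ct, wanted)

# Constructed sample data (both messages are 36 bytes long).
MESSAGE = b"meet at the north gate at 0600 hours"
DECOY = b"nothing to see here, move along now."
SHORT_KEY = b"\x4a\x7e"
# A real pad is truly random; this one is derived so the run is repeatable.
PAD = keystream(b"constructed pad seed", len(MESSAGE))

if __name__ == "__main__":
    print(brute_force(toy_crypt(SHORT_KEY, MESSAGE)))   # one candidate survives
    otp_ct = xor(MESSAGE, PAD)
    print(xor(otp_ct, otp_key_for(otp_ct, DECOY)))      # the decoy "decrypts" too
```

The toy key is 16 bits only so the search finishes; the point is that a wrong key yields noise, which is what makes key length the remaining defence.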