Bypassing disk encryption on systems with automatic TPM2 unlock

(oddlama.org)

189 points arjvik | 1 comments | 17 Jan 25 03:00 UTC | HN request time: 0s | source

Show context

acheong08 ◴[17 Jan 25 04:12 UTC] No.42733994[source]▶

I don't understand why anyone would use passwordless disk encryption. It just seems inherently vulnerable, especially with the threat model of physical compromise.

Entering a password on boot isn't even that much work

replies(19): >>42734012 #>>42734073 #>>42734132 #>>42734171 #>>42734304 #>>42734370 #>>42734375 #>>42734397 #>>42734516 #>>42734734 #>>42734841 #>>42734892 #>>42734925 #>>42735445 #>>42736160 #>>42739068 #>>42740673 #>>42741392 #>>42742256 #

sedatk ◴[17 Jan 25 05:08 UTC] No.42734304[source]▶

>>42733994 #

Because I don't expect a random thief to go to the lengths of identifying OS level vulnerabilities to bypass the login prompt in order to decrypt the disk contents. The potential gains for them are marginal compared to the time and effort spent there, not to mention technical expertise needed. I expect them to steal it, and if it's encrypted, just sell it for parts, or wipe it and sell it anew.

Entering a password can be a lot of work if you use a strong password (and if you don't, why bother with a password?). Typos can take a toll too because of all the delays included.

replies(2): >>42734854 #>>42735621 #

prmoustache ◴[17 Jan 25 09:22 UTC] No.42735621[source]▶

>>42734304 #

> Entering a password can be a lot of work if you use a strong password (and if you don't, why bother with a password?).

So does-it means you do not setup a password/passphrase for your user account?

replies(2): >>42737079 #>>42740884 #

1. sedatk ◴[17 Jan 25 17:33 UTC] No.42740884{3}[source]▶

>>42735621 #

No, I use biometrics login for the same reasons. I have a strong password, but 99% of the time, I don’t need it.

↑