To be honest, if I got fired in a mean or unfair way I'd definitely hit back at my employer in such a manner if I had the ability to. I'm unlikely to have that, though, as I'm not aware of any saucy company secrets. But if this is what happened I think it's pretty justified.
The secret here seems to be that Microsoft caches the key somewhere even when it's supposed to be only in the TPM! That's a pretty big revelation IMO.
> The secret here seems to be that Microsoft caches the key somewhere even when it's supposed to be only in the TPM!
Not what happened here (I reserve my judgment wrt the promised TPM+PIN exploit).
In the default TPM-only mode of BitLocker, the secret is in fact in the TPM, which will (as instructed by Windows upon key creation) release it to the correct OS running on the correct computer. Notably not in the picture is any user-provided data: measured boot is the only protection. It is only the correct programming of the OS that makes it request an account password (completely unrelated to the disk-encryption cryptography) before letting the user poke at the disk, which the OS can at that point already decrypt.
Well, turns out the programming is such that if you ask politely it’ll just pop an Administrator(?) shell.
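
As an added illustration (not part of the thread, and not BitLocker's or any TPM library's code), this toy model shows the point made in the comment above: in TPM-only mode the key is released purely on matching boot measurements, with no user input, while a PIN adds a user-supplied condition. The `ToyTPM` class, component names, PIN and key are constructed for the example; real TPMs enforce this through policy sessions and add anti-hammering, which the model omits.

```python
import hashlib
import hmac

def extend(pcr: bytes, event: bytes) -> bytes:
    """PCR extend: new = SHA-256(old || SHA-256(event)); a PCR can only be extended, never set."""
    return hashlib.sha256(pcr + hashlib.sha256(event).digest()).digest()

def measure(chain) -> bytes:
    """Replay a boot chain into a single PCR, starting from the all-zero reset value."""
    pcr = bytes(32)
    for component in chain:
        pcr = extend(pcr, component)
    return pcr

class ToyTPM:
    """Simplified sealing model (hypothetical, not a real TPM interface)."""
    def seal(self, secret: bytes, expected_pcr: bytes, pin: bytes = None):
        self._sealed = (secret, expected_pcr, pin)

    def unseal(self, current_pcr: bytes, pin: bytes = None):
        secret, expected_pcr, required_pin = self._sealed
        if not hmac.compare_digest(current_pcr, expected_pcr):
            return None  # boot chain differs from the one sealed against
        if required_pin is not None:
            if pin is None or not hmac.compare_digest(pin, required_pin):
                return None  # TPM+PIN: user-provided data is part of the release condition
        return secret

# Constructed sample data
GOOD_CHAIN = [b"firmware-v1", b"bootmgr-v1", b"os-loader-v1"]
OTHER_CHAIN = [b"firmware-v1", b"different-bootloader", b"os-loader-v1"]
VOLUME_KEY = b"constructed-volume-key"

def demo() -> dict:
    tpm_only, tpm_pin = ToyTPM(), ToyTPM()
    tpm_only.seal(VOLUME_KEY, measure(GOOD_CHAIN))
    tpm_pin.seal(VOLUME_KEY, measure(GOOD_CHAIN), pin=b"1234")
    good = measure(GOOD_CHAIN)
    return {
        # Correct OS on the correct machine: key released before any login prompt exists
        "tpm_only_expected_boot": tpm_only.unseal(good),
        "tpm_only_other_boot": tpm_only.unseal(measure(OTHER_CHAIN)),
        "tpm_pin_without_pin": tpm_pin.unseal(good),
        "tpm_pin_with_pin": tpm_pin.unseal(good, pin=b"1234"),
    }

if __name__ == "__main__":
    for case, released in demo().items():
        print(f"{case}: {'key released' if released else 'refused'}")
```

In the TPM-only case the account password never appears in the release condition, so everything after unseal depends on the booted OS enforcing its own access control.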