logoalt Hacker News

noinsightyesterday at 5:25 PM4 repliesview on HN

If you’re at all serious about security and not user convenience, you deploy BitLocker with a PIN instead of TPM only. And then a whole class of vulnerabilities goes away.


Replies

solenoid0937yesterday at 6:28 PM

It's probably all security theater. There's only so much trust you can put into some shitty vendor's TPM implementation

show 1 reply
xnickbyesterday at 6:37 PM

If you are at all serious about security you don't consider Windows.

Depending on how serious you are you also don't consider MacOS.

And then you kinda have a couple of things to chose from but ultimately you need to build your own security depending on your attack/threat model

show 2 replies
dlcarrieryesterday at 7:22 PM

Just a PIN? For most people that's a 4-digit number, which has a worst-case scenario of 10,000 attempts and a median of only a few hundred. Why not use a full 8-digit password?

show 2 replies
GordonSyesterday at 7:05 PM

If you're really serious, you use a strong password, not a PIN.