Comment by no-dr-onboard a day ago
this presumes that anyone would trust bitlocker.
No? Any modern disk encryption system with a strong passphrase (basically, anything but default-BitLocker) is very effective against "they have your physical machine and it's off" for any known, current adversary. And, the basic cryptography in use is common, robust, and proven enough that this is probably true even if your tinfoil hat is balled quite tightly.
Where modern research effort goes is into protecting against "they HAD your physical machine and they gave it back to you" or "they got your machine while it was on/running" - these are much more difficult problems to solve, and are where TEE, TPM, Secure Boot, memory encryption, DMA hardening, etc. come into play.
Disagree. If one has physical access to your machine, they also have physical access to you. Practically everyone is vulnerable to rubber hose cryptanalysis.
Right, because every stolen laptop automatically comes with an abduction of the owner? No, getting "hardware access" to a human is much harder (more expensive in the best case and riskier in terms of drastic punishment) than for a laptop, even more so if you want to go undetected.
Being able to sniff a key as it transits a local bus is a very different kind of compromise of "trust" than believing that something is preemptively backdoored by a threat actor. It is deeply mysterious that Microsoft don't simply use TPM encrypted sessions to prevent this, though.