Is it good enough for personal use, or is it too compromised for even that?
It's All Fucked Shirt $22.14 |
It's All Fucked Shirt $22.14 |
Is it good enough for personal use, or is it too compromised for even that?
It's All Fucked Shirt $22.14 |
It's All Fucked Shirt $22.14 |
the government uses it.
I'm a state gay
it's paired with boot PIN, TPM, and MBAM. Boot PIN to prevent offline attacks.
it's good enough for anyone who wants to keep their files safe if the device is lost or stolen. There probably is some back door the NSA/gov knows about but 99.9% of the people are just going to format over the encrypted data fricking it over from ever being readable again.
There are ways for "normal" people to get around it assuming they want to do some soldiering for the TPM to attach to a Pi 0 then monitor the in memory bits to TPM dump it, but that requires more work than anyone would realistically do vs dump it on craigslist.
Yeah use a boot pin+full drive encryption+bios password, you should be safe with still just the basic for 99% of things but no reason not to use a boot pin.
The problem with it is, nobody can verify its validity as we don't have the source code.
And then there is the reliance on the TPM chip, which is a red flag on itself, so stay away I'd say.
And then there's the absolute bullshit, which is Microsoft stores the encryption keys in the cloud.
At this point, Veracrypt is more reliable than this.
homie you moronic?
The key never leaves the TPM chip so you need to decap or do intrusive shit on the motherboard to obtain the key if the design is old (newer fTPM aren't afected).
Saving the recovery key on the cloud requires a microsoft account wich no sane IQfy user uses.
With veracrypt the key is live on ram at all times and can be easily obtained, even if you turn off the machine.
i forgot bitlocker key how can I get in? please anons ty
Give it back, Muhammad
I mean my company forces me to use it.
bitlocker/firevault (osx) are mainly used in case some nig steals your computer and cant get your shit. as for keep the govt out, its probably backdoored to shit
as for veracrypt/truecrypt. probably harder for them but they'll just brute force it. Id trust truecrypt over vera since they closed up shop for reasons but vera is probably legit
I use firevault 2 for system encryption because I just dont want anyone to get my info if stolen, even tho I can track and remotely wipe my macbook thru find my iphone (pretty nice) and when you remote wipe it locks the system and cant even have a fresh OS installed. you can create container files thru firevault that encrypts it and requires a secondary passcode like true/veracrypt
tl;dr
its fine to keep crackhead junkies out of your stuff. as for govt probably not but the govt doesnt care about your weird anime porn so use bitlocker and veracrypt.
>but they'll just brute force it
lmao moron
It's quite reliable. Pic related.
>requires a soldering iron
Yeah no one is going to bother with that shit m8, you have a better chance of winning the lottery twice in a row. Bitlocker will keep your shit safe from any script kiddie, crackhead, or other person looking to flip your PC off to some poor sap on craigslist who bought what will look at it wondering wtf the password is.
>oh noo the soldering
>tpm is in the cpu now
okay what now?
You can buy it already soldered, the little needles are what you touch the tpm with when doing the attack, no need to solder the victim machine, dumbass.
Retrieving the key from ram is easier than from the tpm.
it's worse for personal use because it locks you out of your own data after a while
case in point
i read too many horror stories if bitlocker locking their own users for no reason
"For no reason"
Okay jamal
I had it lock a laptop on me. My crime? Booting a live usb of Linux mint to test Linux compatibility. Lost all the data on said laptop.
that's exactly what i mean. that happens even when you try swap drive to new hardware. like what kind of backwards design in this. imagine if luks ate my keys if i tried to inserting sd card with my gpg and ssh keys backups to different machine
>try to install Linux
>it bricks your system
many such cases.
you didn't backup your recovery key moron
it tells you to back it up before you enable it and you didn't do it
you are moronic
bitlocker has nothing to do with you being a moron
you shouldn't play with stuff you don't understand
I repeat you didn't back up the recovery key it asked you to do so. You didn't do it and now you looked yourself out. Why are you stupid?
it's a good design because it means if you remove the disk your date is save because you have to type in the recovery key that's the whole point of tpm+secure boot full disk encryption it's convenient because you don't have to type in your password on every reboot but if the state ever gets altered you have to type in the recovery key
Why are people moronic? Why are they talking about stuff they don't know? Are those Linux morons? Even Ubuntu Core uses basically the same kind of secureboot and tpm based encryption setup.
>can i trust encryption provided by this trillions dollar corporation that has ties with almost every government across the globe?
the answer is: it depends on your threat model.
if you afraid that you will be raided by feds and they will take your drives to investigate their contents, then this won't help you.
if it's against some random non-government affiliated moron/s that just stole your drive, then it will help.
Your average Jamal that steals people's laptops from their cars has no idea what bitlocker is. If he notices that the laptop is locked, he will just bring it to his nerdy cousin that will wipe it, install fresh windows on it and sell it on craiglist. If you care about NSA, get yourself something compatible with heads and qubes.
https://github.com/linuxboot/heads
https://www.qubes-os.org/
Disable the TPM and force it to use a password, and you should be fine.
IT LITERALLY SENT YOUR ENCRYPTION KEYS TO WINDOWS SERVERS FOR "BACKUP"
DO NOT USE SHITDOWS AND EXPECT PRIVACY MORON
>click local backup to file
>select file
>done
Did you seriously got filtered by that?
frick no, it's confirmed backdoored
why would you ever use it when there are working alternatives?
Pozzed shit you never use out side of studying in college security courses