What the frick are they smoking at Microsoft

>Be Microsoft
>develop bitlocker boot drive encryption
>provide pre-boot environment to get keys from TPM and if setup request user PIN input
>even provide support for keyfile on external USB-drive
okay
>be me
>have yubikey
>already carry yubikey
>want to use yubikey with PIV certificate because TPM is moronic
>want to use yubikey because carrying another USB-drive is moronic
>spend/waste hours on google
>should_be_possible.pfx
>spend/waste multiple weekends trying to set it up
>apparently impossible, Bitlocker+smartcards is only possible for non-boot disks like a secondary partition/drive or external storage
>none of the tutorials, threads etc mention this anywhere
>commercial solutions are available but are so enterprise-oriented they don't even list their prices online
>have to resort to Veracrypt or some shit

I hate Microsoft so fricking bad. Please tell me it is actually possible. Or make it make sense.

  1. 3 weeks ago
    Anonymous

    why do you use windows if you are smart enough to figure out all this encryption stuff

    • 3 weeks ago
      Anonymous

      Unironically Microsoft Office, among some other utilities that only run on Windows
      >inb4 wine
      I wish that worked for my utils

      • 3 weeks ago
        Anonymous

        encrypted Linux system, microsoft VM. Problem solved

        • 3 weeks ago
          Anonymous

          For me it's gaymen, but windows iso won't load on usb properly from linux.

          • 3 weeks ago
            Anonymous

            called pcie passthrough lad

  2. 3 weeks ago
    Anonymous

    Ok OP, I'll try:
    Bitlocker is encryption. This is when your data is scrambled in a way that makes it harder to read. It's like if you mixed up all the pages in your favorite story, but in a way that it can be read in the correct order if you have the correct order to read those pages (in this case, a "key"). This is so data is harder to obtain if your device is lost or stolen.

    I hope this helps.

    • 3 weeks ago
      Anonymous

      kys

      [...]

      no

      • 3 weeks ago
        Anonymous

        I'm trying to be helpful. Please don't be disrespectful.

        • 3 weeks ago
          Anonymous

          don't reply to the tourist, thanks.

  3. 3 weeks ago
    Anonymous

    You should have never graduated from being an iToddler.

    • 3 weeks ago
      Anonymous

      >iToddler
      where did I mention apple?

      • 3 weeks ago
        Anonymous

        >act like Black person
        >be surprised when called out

        • 3 weeks ago
          Anonymous

          >concise and relevant OP to the board
          >clear goal and request
          >clearly non-bait non-slide thread
          >hurrr Black person
          you are a sad human being, I hope you will be happy one day 🙂

    • 3 weeks ago
      Anonymous

      funny thing is apple actually supports this right out of the box with filevault. too bad their hardware is gay as shit

      • 3 weeks ago
        Anonymous

        is shit gay? my shit has never indicated its sexual preference.

        • 3 weeks ago
          Anonymous

          >penis shaped object in your colon
          Shit is gay. Take the piss pill.

          • 3 weeks ago
            Anonymous

            douché

  4. 3 weeks ago
    FUCKINGFUCK

    I swear to god this is some glowie op to prevent neets from having enterprise-grade information security measures

  5. 3 weeks ago
    Anonymous

    >setup bitlocker
    >save recovery key in keepass database
    >it just works

  6. 3 weeks ago
    Anonymous

    >2024
    >zero reading comprehension
    grim

  7. 3 weeks ago
    Anonymous

    You missed the part where the TPM only releases the decryption passphrase after boot measurements match expected values.
    Unlike your Yubikey, which can't read those registers.
    So your entire rant is the result of you not understanding the purpose of Bitlocker.

    • 3 weeks ago
      Anonymous

      Perhaps I do and I just don't want to store the decryption key on the TPM since you can just sniff it from the system bus
      PINs can easily be learned by (camera) observation so that's still not enough
      If I'm not near my computer, I have the key on a smartcard in my wallet and the pin memorised
      Say someone would gain access to my computer with the PIN they still wouldn't get anywhere

      • 3 weeks ago
        Anonymous

        >you can just sniff it from the system bus
        It is much easier to sniff it from the USBus, so your point is moot.

        • 3 weeks ago
          Anonymous

          are you moronic?

          • 3 weeks ago
            Anonymous

            Do you think USB traffic is encrypted or something?

          • 3 weeks ago
            Anonymous

            since you are apparently moronic let me spell it out for you
            >option one
            >bitlocker + TPM
            physical intrusion, just let computer boot, sniff system bus, extract keys, clone system disk
            >bitlocker + TPM + PIN
            observe PIN, physical intrusion, just let computer boot, sniff system bus, extract keys, clone system disk
            >bitlocker + Token/SC + PIN
            Then you'd also need to rob me from my token, which I'd carry on my person at all times

          • 3 weeks ago
            Anonymous

            >you'd also need to rob me from my token
            Step 1: insert USB sniffer inside PC
            Step 2: moron (you) plugs token and enters his autistic PIN
            Step 3: collect passphrase
            How is this any different from TPM, dumbo?

          • 3 weeks ago
            Anonymous

            IM NOT A FRICKING DUMBO! SHUT UP troony!
            100% FRICK HEAD DICKHEAD troony c**t! GO DILATE YOUR MANGINA!

          • 3 weeks ago
            Anonymous

            Who's a smart boy? You're a smart boy!

          • 3 weeks ago
            Anonymous

            Nice try but that requires manipulation of my hardware whilst remaining undetected by me, which is a non-negligible extra level of difficulty that thwarts many bad actors. Otherwise just steal it and compromise to your heart's desire with only the TPM+PIN

            IM NOT A FRICKING DUMBO! SHUT UP troony!
            100% FRICK HEAD DICKHEAD troony c**t! GO DILATE YOUR MANGINA!

            You're not me, seek help

          • 3 weeks ago
            Anonymous

            You're not me. I am me! I am me and you are I
            I AM ME AND YOU ARE I
            FRICK OF FRICK OF FRICKOFFFFRICKOFFFRICKOFCCC
            THE VOICES WONT FRICKOFFF
            FRICK OFF troony !FRICK OFF troony!!!

          • 3 weeks ago
            Anonymous

            >compromise to your hearts desire with only the TPM+PIN
            The TPM will erase itself after a few incorrect PINs.

            >he doesn't have something to wipe the fricking key if shady shit happens.
            Dumb frick.

            Wipe it from where? How will you know what's shady?

          • 3 weeks ago
            Anonymous

            I said your a dumb frick. Stop replying or else I gonna get mad.

          • 3 weeks ago
            Anonymous

            Again, PIN is easily learnt through shoulder surfing

          • 3 weeks ago
            Anonymous

            So someone can shoulder surf your ass enough to see the PIN despite your paranoia, but they won't be able to also get their hands on your key for a couple minutes to dump the key?
            You're dreaming.

            I said your a dumb frick. Stop replying or else I gonna get mad.

            Oh no, I'm scared

          • 3 weeks ago
            Anonymous

            Yeah that actually would be rather difficult since I have a habit of keeping my wallet actually on my person at all times. At night I keep it on my nightstand.

          • 3 weeks ago
            Anonymous

            >he doesn't have something to wipe the fricking key if shady shit happens.
            Dumb frick.

          • 3 weeks ago
            Anonymous

            >How is this any different from TPM, dumbo?
            NTA, but what you just described was an evil maid attack which is wildly different from what the OP is worried about. With TPM you can physically take the PC and unlock the drive later by abusing TPM's design flaws. With the hardware key, you'd have to install physical malware into the PC, let the user use the PC normally, then go back and collect the PC after it had been used and the data had been collected.

            The defense against your attack is the same as any other evil maid attack -- use some sort of identifying markings or material on the PC's screws and inspect them before logging into the PC. The defense against the TPM attack is to not use the TPM.

  8. 3 weeks ago
    Anonymous

    been suffering over the same thing. afaik not possible.
    best you can do is tpm + pin or disable tpm and just use a long password, then make the yubikey type it. both options suck

    another thing i hate is that you can't RDP with yubikey without being AD joined
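
The pre-boot options argued over in this thread (TPM only, TPM + PIN, a startup key on USB, or a plain password), as an added example that is not from any poster: a PowerShell check of which of them actually guards the OS volume. It assumes an elevated session on Windows with the built-in BitLocker module; the function name and the notes it prints are illustrative.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session.
function Get-OsVolumeProtectorSummary {   # hypothetical helper name
    param([string]$MountPoint = $env:SystemDrive)

    $vol   = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    # Classify the pre-boot unlock mode, strongest combination first.
    if ($types -contains 'TpmPinStartupKey') {
        $mode = 'TPM + PIN + startup key'
        $note = 'Needs the PIN and the USB key file at every boot.'
    } elseif ($types -contains 'TpmPin') {
        $mode = 'TPM + PIN'
        $note = 'PIN required at boot; TPM lockout limits PIN guessing.'
    } elseif ($types -contains 'TpmStartupKey') {
        $mode = 'TPM + startup key'
        $note = 'USB key file must be present at boot; no PIN.'
    } elseif ($types -contains 'Tpm') {
        $mode = 'TPM only'
        $note = 'Unlocks with no user input; a stolen machine still boots and releases the key.'
    } elseif ($types -contains 'Password') {
        $mode = 'Password (no TPM)'
        $note = 'Security rests entirely on passphrase strength.'
    } elseif ($types -contains 'ExternalKey') {
        $mode = 'Startup key only (no TPM)'
        $note = 'Anyone holding the USB key file can unlock the drive.'
    } else {
        $mode = 'None'
        $note = 'No pre-boot protector found; check ProtectionStatus.'
    }

    [pscustomobject]@{
        MountPoint          = $vol.MountPoint
        ProtectionStatus    = $vol.ProtectionStatus
        PreBootMode         = $mode
        Note                = $note
        HasRecoveryPassword = ($types -contains 'RecoveryPassword')
        AllProtectors       = ($types -join ', ')
    }
}

Get-OsVolumeProtectorSummary | Format-List

# Moving from TPM-only to TPM + PIN (the "Require additional authentication
# at startup" policy must allow a startup PIN):
# $pin = Read-Host -AsSecureString 'New startup PIN'
# Add-BitLockerKeyProtector -MountPoint $env:SystemDrive -TpmAndPinProtector -Pin $pin
```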

  9. 3 weeks ago
    Anonymous

    Bootlocker? More like bootlicker, am I right guys?

    • 3 weeks ago
      Anonymous

      kek it do be like dat do
      they dont want us to have physical security

  10. 3 weeks ago
    Anonymous

    encryption on Windows ecosystem is for enterprise use case

    encryption on Linux ecosystem is for paranoid pedophilia use case

    change my mind.

    protip:
    you cant.

    • 3 weeks ago
      Anonymous

      >reddit spacing
      >le epik 'change my mind' maymay
      opinion discarded

    • 3 weeks ago
      Anonymous

      >my boomer parents accidentally having their harddrive mined because they sold a laptop not realizing what that means isn't a use case

    • 3 weeks ago
      Anonymous

      >paranoid pedophilia use case
      >LUKS isn't even trying to obfuscate the header

  11. 3 weeks ago
    Anonymous

    >PIV certificate
    >penis in vegana certificate
    So it's true that you get an official certificate the first time you have sex?
