jelfer-3369 asked:

Using Bitlocker with TPM

I searched a lot but found no answer to these questions... If I encrypt Windows 10 with BitLocker and I have the TPM activated:
- Do I need to input the password at boot?
- Is the password stored in the TPM?
- Is the decryption key stored in the TPM?
- What gets stored in the TPM?
- Is it safer to use BitLocker with the TPM or without it?

windows-10-security

MTG-3890 answered:
  • Do I need to input the password at boot?
    -> That depends on what you set. You may choose not to require entering anything, or you may choose to set up a PIN (the most secure option).

  • Is the password stored in the TPM?
    -> No. The TPM stores the encryption key, not the PIN. It releases the PIN if you enter the correct PIN (that is, if you chose to set up a PIN in the first place).

  • Is the decryption key stored in the TPM?
    -> Yes.

  • What gets stored in the TPM?
    -> The encryption key and some metrics which the TPM uses to decide whether the computer is still in a state of settings that is deemed secure enough to release the key to.

  • Is it safer to use BitLocker with the TPM or without it?
    -> Unless you believe in conspiracy theories, it's surely safe to use the TPM.


Thanks! But:

  • How is a PIN safer than a long alphanumeric, double-case, multiple-symbol password????

  • If the TPM (when used) stores the encryption key, where does the encryption key get stored in a setup where the TPM isn't used?

Is it safer to use BitLocker with the TPM or without it?
-> Unless you believe in conspiracy theories, it's surely safe to use the TPM
----> Sorry, what conspiracy theories (I'm just curious)? And can you tell me if using the TPM is SAFER than not using it, or whether not using the TPM is just very safe as long as you have a strong password and don't store the encryption key in an easily reachable place?
MTG-3890 answered:

It works this way:

An attacker who gets his hands on your disk would try to use password lists and/or brute forcing. If you use a "good" password (let's say 15 characters long), it would fall in maybe far less than a year, depending on the computing power the attacker has access to.
However, if you use the TPM alone (no PIN), the attacker would have no password (or PIN) to run these brute-forcing attacks against. He would have to attack the key itself, which is very, very long (no chance for brute forcing).

If you use BitLocker with TPM+PIN, the situation is almost the same: the attacker can, however, try to guess your PIN. The PIN by default is at least 6 digits long, which does not seem safe, but in fact it is, since there is a limit to the number of tries: the TPM locks after 32 incorrect attempts, and locks for good. With a locked TPM, the attacker would be left with the chance to brute-force the recovery password. The recovery password is not set by the user but by Windows, and it's long: 48 digits. The chance of brute-forcing this in the next few years (no matter what computing power the attacker has) is zero.

About conspiracy: there are people that don't trust the TPM technology itself. They say Intel (maker of the TPM in many models) wants access to the keys in order to sell them to the FBI, and such wild ideas.


"If you use the TPM alone (no PIN), the attacker would have no password (or PIN) to run these brute-forcing attacks against."

If I run the TPM alone (no PIN and no password), isn't the disk and operating system accessible to anyone who has access to it?

My final question:

What is it safer to use?

  • a strong password (20+ characters) without the TPM
    or

  • the TPM with a PIN (I'd never use a PIN though) or a medium-strong password (10-15 characters)
    or

  • the TPM with a strong password (20+ characters)


To compare levels of safety, you would need numbers.

So let's say you set a password with at least 20 characters, possibly using special characters, numbers, capital letters and so on. The number of possibilities is gigantic, so it's safe to say an attacker would take years, no matter how much computing power he uses, unless your password is on a list of passwords that people frequently use, like Passwordpassword1234! - then it would be found. If not: it's safe.

A TPM with PIN would be very safe as well, but you'd never use that, for whatever reason. I strongly recommend using it, as it is much nicer to enter an 8-digit PIN than a 20+ character password, and surely the PIN method would be at least as safe as the 20+ character password and surely safer than a password with 10-15 characters.

TPM+password is not allowed. You can only use the TPM or a password.

PercivalYang-MSFT answered:

Hi @jelfer-3369,
First of all, you have to know that the TPM is on the motherboard.
There are two scenarios.
First one: while some motherboards are not equipped with a TPM, the CPU or system supports the motherboard in virtually simulating one. Then where is the simulated TPM, in a partition or in the BIOS? I presume in a partition, because the BIOS can be cleared when unplugged.
Second one: the TPM was originally added on the motherboard.

From my point of view, my answers to your questions are below.

If I encrypt Windows 10 with BitLocker and I have the TPM activated:
- Do I need to input the password at boot?

Yes, you do. After you encrypt one partition, you need to save the recovery key, and every time at the beginning of boot you need to input the BitLocker password.

  • Is the password stored in the TPM?

The TPM stores the SRK (storage root key). I think the partition carries one, because when moving a disk with BitLocker from an old PC to a new PC, it triggers recovery mode; if you have the recovery key, you can unlock it from recovery mode.

  • Is the decryption key stored in the TPM?

To decrypt a partition we need the recovery key only. As in the case above, we can also decrypt that disk on another PC without that TPM.

  • What gets stored in the TPM?

The TPM stores the SRK (storage root key) and PCRs (Platform Configuration Registers).

  • Is it safer to use BitLocker with the TPM or without it?

Yes it is, but BitLocker only protects against offline attacks, like losing your laptop. It can't protect against online attacks, like downloading files that contain a virus.

  • How is a PIN safer than a long alphanumeric, double-case, multiple-symbol password????

Here is my observation. The PIN is used to replace your Microsoft password when signing in to Windows with your Microsoft account. A local account can leave the PIN blank.
The Microsoft password is used when you do not set a PIN or other sign-in options. In this phase the system boots to Winlogon.
The BitLocker password is used to boot; it is shown at the beginning of boot. In this phase the system has just been initiated.
For me, I need to input the BitLocker password and the account password at startup.

  • If the TPM (when used) stores the encryption key, where does the encryption key get stored in a setup where the TPM isn't used?
    As to this question, could you please describe it with an exact example?



Hope this can help you.
If you need further help, feel free to reply to me at your convenience.


MaciejMolski-1066 answered:

Hey guys, I see you were talking about a subject that is on my mind.
I'm wondering: what if I encrypt a computer with BitLocker but don't set a PIN to unlock it? Just "unlock upon logon".
How does this work? Let's assume that someone snatched this laptop or PC and has full access to it. He doesn't have to remove the hard drive and has all the time he wants.
The disk is encrypted but without any additional PIN or other form of authentication. Just the user login screen.
So can he somehow get to the data because there is no PIN code?


As said: if you use the TPM alone (no PIN), the attacker would have no password (or PIN) to run brute-forcing attacks against. He would have to attack the key itself, which is very, very long (48 digits, no chance for brute forcing). And at the logon screen, password hammering is also impossible.
Now you might ask, "if that is so secure, why doesn't everybody use it that way?"
The reason is: with the TPM alone, the encryption key is loaded into RAM and allows for so-called "cold boot attacks" that attackers could carry out. https://www.youtube.com/watch?v=JDaicPIgn9U explains it.

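The protector choices discussed in MTG-3890's answer (TPM alone, TPM+PIN backed by the TPM's lockout counter, and the 48-digit recovery password) and the TPM-only / cold-boot point in the last reply correspond to BitLocker's key protectors, which can be inspected and changed from PowerShell. The script below is an added example written for this page; it is not code from the thread or from Microsoft. It assumes an elevated PowerShell session on Windows 10/11, that the OS volume is C:, and that the Group Policy "Require additional authentication at startup" permits a startup PIN (otherwise the TPM+PIN step is refused). The helper name Get-OsVolumeProtectors is invented for the example; the cmdlets themselves are the standard BitLocker and TrustedPlatformModule module cmdlets.

```powershell
# Added example (not from the thread). Run elevated on Windows 10/11.
# Assumptions: OS volume is C:, policy allows a TPM startup PIN.
$MountPoint = 'C:'

function Get-OsVolumeProtectors {
    # Hypothetical helper for this example: lists protector types on the volume.
    # A TPM-only volume shows 'Tpm' plus 'RecoveryPassword'; a TPM+PIN volume
    # shows 'TpmPin' instead of 'Tpm'.
    param([string]$Volume = $MountPoint)
    (Get-BitLockerVolume -MountPoint $Volume).KeyProtector |
        Select-Object KeyProtectorType, KeyProtectorId
}

# 1. Current state of the volume and its protectors.
Get-BitLockerVolume -MountPoint $MountPoint |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionMethod
Get-OsVolumeProtectors

# 2. TPM anti-hammering state. LockedOut/LockoutCount/LockoutMax are what make a
#    short PIN defensible: guesses are rate-limited by the TPM itself, and the
#    exact thresholds depend on the TPM firmware.
Get-Tpm | Select-Object TpmPresent, TpmReady, LockedOut, LockoutCount, LockoutMax

# 3. Move a TPM-only volume to TPM+PIN, so the volume key is not released and
#    loaded into RAM before a user is present (the cold-boot concern above).
$types = (Get-OsVolumeProtectors).KeyProtectorType
if ($types -contains 'Tpm' -and $types -notcontains 'TpmPin') {
    $pin = Read-Host -AsSecureString -Prompt 'New BitLocker startup PIN (6+ digits)'
    Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndPinProtector -Pin $pin
}

# 4. Make sure a 48-digit recovery password exists and is stored somewhere other
#    than the encrypted disk: it is the only way in once the TPM locks out or the
#    PCR measurements change (firmware update, boot order change, disk moved to
#    another machine).
$types = (Get-OsVolumeProtectors).KeyProtectorType
if ($types -notcontains 'RecoveryPassword') {
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector
}
$rp = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
      Where-Object KeyProtectorType -eq 'RecoveryPassword' | Select-Object -First 1
# Escrow to Active Directory (domain-joined machine with the matching policy);
# on Entra-joined devices use BackupToAAD-BitLockerKeyProtector instead.
Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $rp.KeyProtectorId

# 5. Verify: one TPM-based protector should remain on the OS volume, and after
#    step 3 it should be 'TpmPin', alongside 'RecoveryPassword'.
Get-OsVolumeProtectors
```

Two points worth checking when running this on a real machine: step 3 will be rejected unless the startup-PIN policy is in place, and step 4 is the step to do first on any machine you do not want to lose, because once a PIN protector is in use, a locked-out TPM leaves the recovery password as the only entry path, exactly as the answer above describes.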