Comment by ranger_danger
9 hours ago
For those who use password (not PIN) based pre-boot authentication with BitLocker... do we know if that setup is safe?
I can't imagine there would be a way to bypass that if a password is required, unless it was a situation where like, there was originally some secret secondary key made that needs no password... or the password was never tied to the key in the first place.
The exploit developer themselves say [1] TPM+PIN is vulnerable, though no public PoC.
[1]: https://deadeclipse666.blogspot.com/2026/05/were-doing-silen...
I’m skeptical of that claim. The key material presumably is inaccessible even to the OS without the passcode.
> presumably
That's the thing, we don't actually know how involved the PIN is in relation to the key... it might be completely separate (and hence bypassable).
Similarly I also wonder if password-based pre-boot auth is affected.
If someone drops 5 confirmed ring 0 exploits/bypasses within 3 months and claims that they got a 6th one... why on earth would you doubt that the 6th one suddenly is fake?
Do you know how hard discovering even one of those is? And how many months of work it takes?