Comment by aiscoming

9 hours ago

the only way to bypass PIN would be an actual backdoor in Bitlocker. no way around that. an actual backdoor in microsoft encryption was never documented, and there are Snowden documents showing FBI pressing Microsoft into introducing one and Microsoft refusing

so I call bullshit on the PIN bypass

9 comments

aiscoming

Reply
ranger_danger  2 hours ago

You're assuming the PIN was ever connected to the key itself in the first place. We don't know how that mechanism works, it could just be a totally separate gate that IS bypassable.

cookiengineer  8 hours ago

> the only way to bypass PIN would be an actual backdoor in Bitlocker. no way around that. an actual backdoor in microsoft encryption was never documented, and there are Snowden documents showing FBI pressing Microsoft into introducing one and Microsoft refusing

A USB stick containing a masterkey to decrypt a bitlocker volume is literally the definition of a backdoor.

Go on, try it out. It works.

  • aiscoming  8 hours ago

    no, to access a bitlocker volume which automatically decrypts

    thats an LPE, not an encryption backdoor

    the USB stick doesnt decrypt bitlocker, it just gives you root after bitlocker was AUTOMATICALLY decrypted

    • stephbook  8 hours ago

      Smells like a compromise. Microsoft enables BitLocker by default, thus protecting companies and users at scale. But the price is a backdoor they hope noone finds.

      Someone else claimed this doesn't affect people who actually care about security and enable boot-time password protection.

    • cookiengineer  8 hours ago

      > no, to access a bitlocker volume which automatically decrypts

      > thats an LPE, not an encryption backdoor

      No. RedSun and Bluehammer were LPEs

      > the USB stick doesnt decrypt bitlocker, it just gives you root after bitlocker was AUTOMATICALLY decrypted

      No, that's not what the bypass does. Maybe go try it out and verify it before you come to your quickly made conclusions?

      It's not tied to "automatically decrypted" volumes, whatever that would imply for your setup requiring a pretty pointless TPM keystore for that.

      If your case were true, it would also imply that any bitlocker cryptography never really worked because it was automatically decryptable without the need for a password/hash/whatever to get your keys from the keystore, which actually makes it so much worse. Even worse than the previously known coldboot attacks.

      4 replies →