I want to do full disk encryption with BitLocker and I'm confused about TPM. I've used VeraCrypt and it didn't ask for TPM. Why would I want to use TPM? If the motherboard/CPU became damaged then I couldn't access the disks anymore since it would require the TPM hashes for the password to work. Isn't a strong password enough?

The problem I see with BitLocker is that it doesn't allow you to use a password longer than 20 characters... what's the point? A 32-character password with special symbols should be enough to be pretty much impossible to brute-force and you wouldn't need to bother with TPM, but not sure about 20.

https://linustechtips.com/topic/1301301-bitlocker-question/

26 minutes ago, superbuu said:

Isn't a strong password enough?

TPM lets you be more secure without a strong password, so you can have no password or a short PIN and still have very hard-to-crack security.

27 minutes ago, superbuu said:

The problem I see with BitLocker is that it doesn't allow you to use a password longer than 20 characters... what's the point?

20 characters is already impossible to crack. Basically no one is gonna brute force your password, so as long as it's not common, or the same as another password, you're fine.


1 minute ago, Electronics Wizardy said:

TPM lets you be more secure without a strong password, so you can have no password or a short PIN and still have very hard-to-crack security.

20 characters is already impossible to crack. Basically no one is gonna brute force your password, so as long as it's not common, or the same as another password, you're fine.

No password?

A thief enters your house and opens your computer with no password... what's the point of TPM?


1 minute ago, superbuu said:

No password?

A thief enters your house and opens your computer with no password... what's the point of TPM?

No BitLocker password, there is still a Windows password.

It's not perfect, but a lot harder to get data from, and doesn't affect usage at all.

TPM encrypts the disk, so you can't use the disk in another computer without the key. If you want to get the files from the system with the TPM you need the Windows password.


8 minutes ago, Electronics Wizardy said:

No BitLocker password, there is still a Windows password.

It's not perfect, but a lot harder to get data from, and doesn't affect usage at all.

TPM encrypts the disk, so you can't use the disk in another computer without the key. If you want to get the files from the system with the TPM you need the Windows password.

What Windows password, login password?

If there is no pre-boot password wouldn't stuff remain unencrypted at pre-boot?


1 minute ago, superbuu said:

What Windows password, login password?

If there is no pre-boot password wouldn't stuff remain unencrypted at pre-boot?

The TPM will decrypt the disk on boot. It can either do this on its own, or with a password.

With BitLocker, even without a TPM, you make it require a USB flash drive on boot.

No password required and the PC will simply not boot without the USB flash drive plugged in (you can save a recovery key somewhere online or wherever else if need be).

Drive is encrypted, so even if a thief steals your PC, they wouldn't have access to your data no matter what they do, without the "key" (flash drive).

There are plenty of "waterproof" USB drives that you can simply hang on your keyring/chain. Doesn't need to be incredibly fast or expensive either. Like this thing here. Can also just hide the second one it comes with, somewhere safe with the recovery key on it as well, just in case anything ever happens to it. (or you can print the recovery key...)

CPU: AMD Ryzen 3700x / GPU: Asus Radeon RX 6750XT OC 12GB RAM: Corsair Vengeance LPX 2x16GB DDR4-3200
MOBO: MSI B450m Gaming Plus NVME: Corsair MP510 240GB / Case: TT Core v21 PSU: Seasonic 750W / OS: Bazzite


On 2/2/2021 at 3:27 AM, TetraSky said:

you make it require a USB flash drive on boot.

and then the USB drive breaks... gg

(I have like 10 or so dead as possibly possible laying around so don't tell me it doesn't happen...)

On 2/2/2021 at 3:27 AM, TetraSky said:

or you can print the recovery key...

Oh, you can? Well, that doesn't make it secure, but at least it's something you could fall back on in case your USB does what USBs do, die.

(btw I blame PlayStation, I think 99% of my USB flash drives died after using them with a PlayStation console... that's not to say there aren't other possible culprits though)

The direction tells you... the direction

-Scott Manley, 2021

6 hours ago, Mark Kaine said:

and then the USB drive breaks... gg

You can create backups of backups of backups... My USB drive on my key ring has been going strong for the past 10 years now. It got flushed down the toilet, it got washed in the washing machine... all sorts of abuse.

And like I said, you can print a recovery key and just... hide it somewhere safe that no one but you will find. Because if a thief comes in to steal your PC, I doubt they will also take the time to look for the key... Heck you could hide it in a different building altogether. Or just... Upload it to your email/cloud storage that you can access even without your PC. Doesn't need to have any info on it related to BitLocker, just the long string of random characters and no one that looks at it would guess what it is for.

And really, even if you were to use a regular password on boot for BitLocker... The chance that anyone who will rob you will actually take the time to try and crack it... is so astronomically low that it ain't even worth considering. (A Windows pwd on the other hand, can be cracked easily)
They will want to flip the thing ASAP and no one will bother spending hours, days, YEARS to crack a 20 character password.
This is just a simple phrase, with a single upper case and 2 numbers... Like come on:

[Spoiler: attached image, image.png]

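Added example, not written by any poster in this thread: a PowerShell check of which BitLocker key protectors a volume actually has, flagging the two situations the thread argues about (a TPM-only volume with no pre-boot secret, and a volume with no recovery password to fall back on if the TPM, motherboard or USB key is lost). The function name `Test-BitLockerFallback` and the `C:` mount point are assumptions; it uses the built-in `Get-BitLockerVolume` cmdlet and needs an elevated session.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.
# Function name and default mount point are assumptions for illustration.
function Test-BitLockerFallback {
    param([string]$MountPoint = 'C:')

    $vol   = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    # Protectors tied to this machine's TPM or to a removable key file (USB).
    $hardwareBound = @('Tpm', 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey', 'ExternalKey')
    $bound = @($types | Where-Object { $hardwareBound -contains $_ })

    # Protectors that make the user supply a secret before Windows starts.
    $preBoot = @($types | Where-Object { @('TpmPin', 'TpmPinStartupKey', 'Password') -contains $_ })

    # The 48-digit recovery password unlocks the volume on any hardware.
    $hasRecovery = $types -contains 'RecoveryPassword'

    $warnings = @()
    if ($types.Count -eq 0) {
        $warnings += 'No key protectors: the volume is not protected by BitLocker.'
    }
    if ($bound.Count -gt 0 -and -not $hasRecovery) {
        $warnings += 'No recovery password: losing the TPM/motherboard or the USB key locks you out.'
    }
    if (($types -contains 'Tpm') -and $preBoot.Count -eq 0) {
        $warnings += 'TPM-only unlock: the disk is unlocked at boot; only the Windows logon stands in the way.'
    }

    [pscustomobject]@{
        MountPoint          = $vol.MountPoint
        VolumeStatus        = $vol.VolumeStatus
        ProtectionStatus    = $vol.ProtectionStatus
        Protectors          = $types -join ', '
        HasRecoveryPassword = $hasRecovery
        PreBootSecret       = ($preBoot.Count -gt 0)
        Warnings            = $warnings
    }
}

Test-BitLockerFallback -MountPoint 'C:' | Format-List
```

If the report shows no recovery password, `Add-BitLockerKeyProtector -MountPoint 'C:' -RecoveryPasswordProtector` adds one, which can then be printed or stored away from the PC as described in the posts above.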
