BitLocker\'s Encryption Is Broken, But It\'s Still Not Time to Switch-Windows Series-php.cn

Home

System Tutorial

Windows Series

BitLocker\'s Encryption Is Broken, But It\'s Still Not Time to Switch

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 14, 2024 pm 05:01 PM

$BitLocker\'s Encryption Is Broken, But It\'s Still Not Time to Switch$

Microsoft's BitLocker is one of the most popular full-disk encryption tools, and is built into Windows 10 and 11 Pro providing an easy encryption option for millions of Windows users worldwide. But BitLocker's reputation as a leading encryption tool could be under threat after a YouTuber successfully stole encryption keys and decrypted private data in just 43 seconds—using a Raspberry Pi Pico costing $6.

How Was BitLocker's Encryption Broken?

BitLocker's encryption was broken by YouTuber Stacksmashing, who posted a video detailing how he intercepted BitLocker data, extracted decryption keys, and successfully exploited the BitLocker encryption process.

Stacksmashing's exploit involves the external Trusted Platform Module (TPM)—the same TPM chip that stops Windows 11 upgrades—found on some laptops and computers. While many motherboards integrate the TPM chip and modern CPUs integrate the TPM into their design, other machines still use an external TPM.

Now, here's the issue and the exploit discovered by Stacksmashing. External TPMs communicate with the CPU using what's known as an LPC bus (Low Pin Count), which is a way for low-bandwidth devices to maintain communication with other hardware without creating a performance overhead.

However, Stacksmashing found that while the data on the TPM is secure, during the boot-up process, the communication channels (the LPC bus) between the TPM and CPU are completely unencrypted. With the right tools, an attacker can intercept data sent between the TPM and CPU containing insecure encryption keys.

Tools like the Raspberry Pi Pico, the minute $6 single-board computer that has a bunch of uses. In this case, Stacksmashing connected a Raspberry Pi Pico to unused connectors on a test laptop and managed to read the binary data as the machine booted. The resulting data contained the Volume Master Key stored on the TPM, which he could then use to decrypt other data.

Is It Time to Ditch BitLocker?

Interestingly, Microsoft was already aware of the potential for this attack. However, this is the first time a practical attack has surfaced at large, illustrating just how fast BitLocker encryption keys can be stolen.

It raises the vital question of whether you should consider switching to a BitLocker alternative, like the free and open-source VeraCrypt. The good news is that you don't need to jump ship for a few reasons.

First, the exploit only works with external TPMs that request data from the module using the LPC bus. Most modern hardware integrates the TPM. While a motherboard-based TPM could theoretically be exploited, it would require more time, effort, and an extensive period with the target device. Extracting BitLocker Volume Master Key data from a TPM becomes even more difficult if the module is integrated into the CPU.

AMD CPUs have integrated TPM 2.0 since 2016 (with the launch of AM4, known as fTPM), while Intel CPUs integrated TPM 2.0 with the launch of its 8th Generation Coffee Lake CPUs in 2017 (known as PTT). Suffice to say, if you're using a machine with an AMD or Intel CPU manufacturer after those dates, you're most likely safe.

It's also worth noting that despite this exploit, BitLocker remains secure, and the actual encryption underpinning it, AES-128 or AES-256, is still secure.

The above is the detailed content of BitLocker\'s Encryption Is Broken, But It\'s Still Not Time to Switch. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

I Miss the Times Computers Were Plug and PlayMay 13, 2025 am 06:03 AM

Building a new PC was once a moment of triumph. Now, it’s just the beginning, as you have to install apps, download large games, and tweak dozens of settings before it's fully set up. Let's take a look at how we got here and how things used to be.

Why Is This Logitech Mouse on Every Tech Person's Desk?May 13, 2025 am 06:02 AM

Logitech's MX Master series of mice has become a common sight in YouTube videos or photographs of tech-savvy people's desk setups, but what makes this now-iconic mouse so special? I'm on my third MX Master mouse at this point, and, honestly, I can

I Refuse to Buy a Keyboard Without a ScreenMay 13, 2025 am 03:05 AM

Mechanical keyboards offer a plethora of features, from switch type and keycap material to sound dampening. But one often overlooked, yet invaluable feature, is the built-in screen. Why Integrate Screens into Keyboards? The QWERTY keyboard, a staple

The Galaxy S25 Gets Edgy, and RIP Skype: Weekly RoundupMay 13, 2025 am 03:04 AM

Tech News Roundup: Major Updates and New Releases Across the Tech Landscape This week brings a flurry of exciting tech news, from AI advancements to new gaming peripherals and significant software updates. Let's dive into the highlights: AI and Secu

How to Rollback Windows 11 UpdateMay 12, 2025 pm 08:01 PM

Is Windows 11 update causing system problems? Don’t panic! This article provides three methods of rollback updates to help you restore system stability. Method 1: Rollback updates through Windows settings This method is suitable for users whose update time is less than 10 days. Step 1: Click the "Start" menu to enter "Settings". You can also press the Windows key I on the keyboard. Step 2: In Settings, select System, and then click Recover. Step 3: Under Recovery Options, find "Previous Windows Versions". If the Back button is clickable, the system can be rolled back to the previous version. Step 4: The system will ask you why the rollback is

13 Windows Keyboard Shortcuts I Couldn't Live WithoutMay 12, 2025 am 03:02 AM

Mastering Windows keyboard shortcuts isn't just about efficiency; it streamlines your entire computing experience. Windows' interface can be less than intuitive, hiding crucial settings within layers of menus. Fortunately, countless shortcuts exist

How to Speed Up Your PC (Windows 11)May 11, 2025 pm 06:01 PM

Is your Windows 11 PC running slower than usual? Opening apps and loading websites taking an eternity? You're not alone! This guide offers three simple, no-download solutions to boost your computer's performance without complex settings adjustments

This Mini PC Doubles as a Not-So-Great TabletMay 11, 2025 am 06:01 AM

This mini PC, masquerading as a tablet, leaves much to be desired. The 7-inch, 1290x800 resolution screen is underwhelming. While some might use it for media consumption (similar to a 7-inch Amazon Fire Tablet), it's unlikely to be a primary choice

See all articles