Bitlocker...TPM + PIN vs Password?  

  1. Posts : 2
    Windows 10 Pro

    Bitlocker...TPM + PIN vs Password?

    I have seen this question asked elsewhere several times, but with different I just want to make sure my understanding of BitLocker is correct.

    In the past, I had used BitLocker on several computers that did not have a TPM; therefore I had to use a strong 30/40/50+ character password, which was not a problem. I am now working with a new computer that came with a TPM, and now, instead of a long password, I am restricted to a maximum of 20 characters (even with enhanced PINs enabled, it still only lets you use 20 characters, and I'm not sure why 20 is the limit).

    From my understanding, even though it is a much shorter PIN, it is more secure than a long password because the TPM only allows up to 32 attempts before locking out, and then lets 1 more attempt every 2 hours, thereby allowing only just over 4,000 attempts per year (according to both basic math and a Microsoft article). That makes brute-forcing the PIN pretty much impossible even if you use just a 6-digit number.

    In addition, if you put the hard drive in another computer, the PIN won't work; you would now need to use the recovery key/recovery password, which is also impractical to brute force.

    Is my understanding pretty much correct? Or am I missing anything? At first it would seem a 50-character password is more secure than a 6-digit PIN, but after reviewing everything, it seems that the TPM makes the PIN 'stronger' than the password? Is there any benefit to turning off the TPM in BIOS and just using a long secure password? Or is it best to stick with TPM + PIN even though the PIN is far shorter?

  3. My1
    Posts : 14

    Well, the recov key is (probably) the volume key for your hard drive itself, at least that's what I think (especially considering the key, which is 8 groups of 6 digits, is about 159 bits long (at least here in 8.1; about the length see log2(10^(8*6)) on Google Search)) and the key is by default 128-bit AES, making it certainly possible that this is the drive key itself.

    The good thing about the TPM is that it is pretty two-factor-like, unless you lose the paper with the key, because a TPM is tamper-evident and grills the key into oblivion if something happens to it, and you need the PIN to get into the TPM in the first place if you use TPM+PIN.

    For a TPM drive, yes, the only ways of getting it are essentially an online attack on the TPM by brute-forcing the PIN (which won't happen that nicely), a possible backdoor in the TPM (may certainly be possible for the NSA and other state-level attackers if one exists, or others if info about a possible backdoor leaks, again as long as one exists in the first place), another possibility would just be a possible flaw in the TPM which somehow allows access to the key, and another way would be trying to get into the drive itself. The standard idea would be trying to brute-force it open by brute-forcing the drive key and/or the recov key.

    If the recov key is protected by some kind of KDF (key derivation function, similar to the bcrypt algorithm for Linux password hashing but possibly at a larger scale) and the factors for the KDF are large enough (requiring a lot of RAM and CPU, which certainly isn't a problem for a boot-up entry where literally nothing else runs on the PC), you can forget that idea. Small example: if the recov key would need to be thrown through a KDF for 1 minute (for the specs of the respective PC) you'd have 525600 tries per year, and the scope of the recov key is 10^48; and even if it took just a second (I don't believe it's that fast) there would be only 31536000 tries. And even if the opponent got half of your key there would still be 10^24 tries left, so that may take a few years even if it's already 1 try per second.
    For the drive key itself, being AES-128 by default and therefore a lower scope than the recov key, it is certainly "quicker" to brute-force, but it still would not be practical. We still have 3.4x10^38 possible keys, and even with AES-NI and GPUs, and if there is some file or whatever known (or the hash of the drive key or whatever; there has to be a way for the system itself to find out that a key is wrong, doesn't there?), then it may be quicker also in checks per time to just brute-force the hell out of an AES key, but it still would be FAR from practical. If we go from a speed of 10^12 checks PER SECOND it would still take many times the age of the universe up to now.

    putting the whole bruteforcing things aside there are 4 other things to consider.

    Quantum computing.
    If it really becomes a thing it could certainly mean that a brute-force search of 2^128 only needs 2^64 operations. This may hurt a lot (2^64 is about 1.9x10^19) but the question is how fast one quantum operation is. This would be the main problem for that.

    Vulnerabilities and/or backdoors in BitLocker.
    The TPM isn't the only thing which may have some holes; no matter whether they are intentional or not, these may certainly be there and could cause quite a risk.

    RAM dumping.
    I don't know whether the TPM does ALL the on-the-fly crypto itself, but if not, the key needs to be somewhere, most possibly in the RAM, if someone can get a RAM dump (possible by crashing the system if the encrypted drive is NOT the OS drive and the OS drive isn't encrypted either, or by MITMing the RAM with an in-between device, or cooling down the RAM while the PC is running, force shutting it down and analyzing the RAM somewhere else).
    Although this is NOT specific to BitLocker, it applies to ALL on-the-fly encryption solutions.

    And it doesn't matter how nicely the key is scrambled, encrypted or whatever in the RAM: if someone with the knowledge of the key storage gets it, it's over, and even if the storing method is randomly generated every time, the method of key storage has to be stored somewhere or else the machine can't read it, closing the full circle.

    Microsoft account, oh yeah, this one is SO hilarious.
    By standard, if you get a Windows 10 device with TPM, Microsoft may use BitLocker by default on it using the device protection or whatever it may be called (it needs some other requirements, as for example using an MS account to log in). This AUTOMATICALLY uploads your BitLocker key into your Microsoft account. I think when you use BitLocker with Win10 Pro you can do at least something against that, but still the whole practice is NOT PRETTY, and probably the biggest backdoor there can be even if there isn't specifically a backdoor in BL or the TPM: as soon as your key is stored online somewhere, any legal authority which has laws to access MS's data can get your BL key, and also most obviously any database leaks and whatever aren't going to end up good for you because they may include your login data or even the BL key itself. So if you have Pro you better make sure you either don't use an MS account AT ALL or check that your key isn't uploaded. If in doubt, decrypt and re-encrypt the drive and make sure not to upload the key.
    Last edited by My1; 15 Sep 2016 at 05:35.
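To put numbers on the guess budgets argued over in the first and third posts (the TPM's online lockout against a short PIN versus an offline search of the 48-digit recovery password and the AES-128 volume key), here is a small added model; it is not code from the thread or from Microsoft. The 32-tries-then-one-per-2-hours schedule, the 10^12 guesses per second offline rate, and the age-of-the-universe comparison are the figures the posters quote, taken here as assumptions rather than as properties of every TPM.

```python
"""Added example (not from the thread): compare online and offline guess budgets."""
import math

HOURS_PER_YEAR = 365 * 24
SECONDS_PER_YEAR = 365.25 * 24 * 3600
AGE_OF_UNIVERSE_YEARS = 1.38e10  # rough figure, assumption for the comparison only

def tpm_attempts_per_year(initial_tries=32, lockout_hours=2):
    """Online guess budget in the first year under the thread's assumed lockout:
    an initial burst, then one try per lockout window."""
    return initial_tries + HOURS_PER_YEAR // lockout_hours

def expected_years_to_guess_pin(pin_digits, attempts_per_year):
    """Expected time to hit a uniformly random numeric PIN (half the keyspace on average)."""
    keyspace = 10 ** pin_digits
    return (keyspace / 2) / attempts_per_year

def recovery_password_bits(groups=8, digits_per_group=6):
    """Entropy of an all-numeric recovery password, ignoring any check-digit structure."""
    return groups * digits_per_group * math.log2(10)

def offline_expected_years(keyspace, guesses_per_second):
    """Expected offline search time at a fixed guess rate (half the keyspace)."""
    return (keyspace / 2) / guesses_per_second / SECONDS_PER_YEAR

def grover_operations(key_bits):
    """Quantum-search cost per the third post's point: about sqrt(keyspace) oracle calls."""
    return 2 ** (key_bits // 2)

def compare_protectors(pin_digits=6, offline_rate=1e12):
    """Which factor actually limits the attacker: the TPM lockout or the key size."""
    online = tpm_attempts_per_year()
    aes_years = offline_expected_years(2 ** 128, offline_rate)
    return {
        "tpm_attempts_per_year": online,
        "pin_expected_years": expected_years_to_guess_pin(pin_digits, online),
        "recovery_password_bits": recovery_password_bits(),
        "aes128_offline_years": aes_years,
        "aes128_universe_ages": aes_years / AGE_OF_UNIVERSE_YEARS,
        "aes128_grover_ops": grover_operations(128),
    }

if __name__ == "__main__":
    for name, value in compare_protectors().items():
        print(f"{name}: {value:.4g}" if isinstance(value, float) else f"{name}: {value}")
```

With the thread's figures a 6-digit PIN takes over a century of online guessing on average, while the AES-128 key takes hundreds of millions of universe ages offline, so the PIN is only as strong as the lockout that enforces the online limit.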

  4. Posts : 5,478

    sunn said:
    Is there any benefit to turning off the TPM in BIOS and just using a long secure password? Or is it best to stick with the TPM + PIN even though the PIN is far shorter?
    Using TPM is undoubtedly more secure. Some advantages are (compared to using USB and PIN):

    You can't copy it - the TPM key is unique.
    Like you say you can configure timeout.
    Can check boot files for tampering.

    Trusted Platform Module Technology Overview (Windows 10)

    Using a PIN as a logon to your account (nothing to do with bitlocker PIN) can also be more secure than using a password incidentally. Why a PIN is better than a password (Windows 10)

    My1 said:
    This AUTOMATICALLY uploads yout bitlocker key into your Microsoft account.
    No it doesn't. It asks you if you want to. In fact it asks you if you want to print it, save it (to another disk), save it to your MS account, or your AD. Depending what your group policy allows you can do some, all or none of these. BitLocker Group Policy settings (Windows 10)

  5. My1
    Posts : 14

    Well, for the uploading, here's something to read.

    Microsoft may have your encryption key; here’s how to take it back | Ars Technica
    The device encryption, which is essentially a simplified BitLocker and also available in Home editions, is this small feature that auto-uploads the recov key to the first admin MS account that signs in.

    Also, your PIN>password is mostly for MS accounts, especially the "PIN is local" part.
    For a local account your password is also local.
