undefined | Better HN

0 pointswkat42421y ago0 comments

Every phone has it these days. Doesn't seem to be a big deterrent? Laptops also need a password to log in.

In fact in many cases a preboot password is safer. Because the comms between the TPM and the OS can often be sniffed. And if the TPM doesn't need validation because it hands off its keys, it can be bypassed that way.

Again not really something that consumers have to worry about, but it's not quite difficult anymore to pull this off.

0 comments

andrewaylett1y ago

The phones are using their TPM equivalent to do it securely, though -- there's not nearly enough entropy in a lock screen to provide robust security, but the boot-time unlock depends on both the screen lock and the hardware, and the hardware will rate limit attempts to use it to turn lock screen inputs into usable encryption keys.

HeatrayEnjoyer1y ago

TPM 2.0 uses encrypted bus. TPMs are also often built into the CPU

j / k navigate · click thread line to collapse