I learned this week that Microsoft keeps a copy of your keys when you encrypt your HDD with their software. So you don’t need a black hat, all you need is a subpoena.
To be fair, if Microsoft didn’t automatically back up the keys, a simple BIOS/UEFI setting change, or Windows update could trip the Secure Boot settings, which would clear all the TPM keys from the system, which means the system would prompt you for the recovery key. I think people value being able to retain access to their data over encryption. And to Microsoft’s credit, it’s not exactly a secret, they literally tell you that the key will be uploaded.
a simple BIOS/UEFI setting change, or Windows update could trip the Secure Boot settings
They could work around that though, but I still agree that backing up the passphrase to an arguably safe online system is good.
Only a stupid cybercriminal would use Windows.
Or a smart one knowing exactly what they can and can’t do touching Windows.