Tag: tpm

Windows 7 BitLocker Ready for TPM Hacks

February 12, 2010 by Jason

Microsoft will continue to recommend BitLocker technology in concert with Trusted Platform Module (TPM) hardware to customers looking to protect sensitive data on mobile computers in the event that the device is stolen or lost, the company said. Paul Cooke, Microsoft director, Windows Client Enterprise Security, notes that attackers can potentially access the secrets stored on TPM hardware inside a computer running Windows 7 with BitLocker, but that the company had labored to make such a scenario highly unlikely.

“With our design for BitLocker in Windows 7, we took into account the theoretical possibility that a TPM might become compromised due to advanced attacks like this one, or because of poor designs and implementations. The engineering team changed the cryptographic structure for BitLocker when configured to use enhanced pin technology,” Cooke stated.

Essentially, an attacker would need not only physical access to a protected computer, but would also have to break the TPM for the appropriate secret and obtain the user-configured PIN as well. According to Cooke, provided that customers take the necessary steps to make sure the PIN is sufficiently complex, a hack would be infeasible. In this context, an attacker would simply not be able to get the key necessary to unlock the BitLocker-protected disk volumes.

Use BitLocker Drive Encryption without TPM chip

March 28, 2007 by Jason

Windows Vista includes a new hard drive encryption feature called BitLocker Drive Encryption. BitLocker can be a very useful security feature for businesses and home users that have sensitive and confidential information stored on their computer. Unfortunately, BitLocker Drive Encryption by default requires a Trusted Platform Module (TPM) chip, version 1.2 or later, installed in your computer. A lot of the computers and laptops on the market do not come with TPM chips installed, since they are typically only found in premium model business computers. If you have Windows Vista Business, Ultimate or Enterprise but do not have a TPM chip, you can still use BitLocker Drive Encryption.