#StackBounty: #encryption #disk-encryption #tpm #bitlocker Why doesn't the PIN become part of the encryption key in bitlocker with …

Bounty: 100

I have read here that if you choose TPM + PIN protection the PIN does not become part of the key, it is simply used by the TPM as an additional security measure. It doesn’t make sense to me, it would have been much safer and much easier to implement by encrypting the key stored in the TPM with the hash of the PIN. Since the TPM is only a physical solution, attacks have been made against it and the fact that it is protected by a PIN or not is irrelevant. While with the implementation I said before, which is apparently the most logical (correct me if I’m wrong), there is a protection based on mathematics plus TPM help for keyloggers and rootkits. So why was this choice made?

Are there alternatives to BitLocker that use the method described by me? I have seen that LUKS and VeraCrypt still have very limited support for the chip, therefore still far from using the PIN at the same time.



#StackBounty: #linux-networking #encryption #spoofing Possibilities to protect network traffic in datacenter without adding much latency

Bounty: 500

I am looking for possibilities (and their pros and cons) for protecting network traffic of the components of a time-critical application in a data center. The aim is minimizing the damage an attacker can cause if he manages to compromise a VM. It shall be impossible to read the traffic between other (non-compromised) VMs. This could be achieved by encryption or by limiting the network access.

We have a VMware environment, several ESXi hosts and a Fortigate firewall. Parts of the internal traffic are not encrypted yet because the application opens several connections, one after the other. And there is a latency limit on the whole process.

Due to the latency limit the (trivial) usage of TLS for each connection is not an option. Maybe it could be done with proxies on all systems which keep the TLS connections open independent of what the application is doing.

I guess using a VPN between all involved systems (about 50) would be a management nightmare. We use keepalived which probably makes a VPN solution even worse.

I also think about using permanent ARP entries as a protection against ARP spoofing. VMware prevents MAC spoofing. This would not add any latency and should avoid the need for encryption. But it does not work well with the Fortigate and not with virtual IPs either.

I am interested in opinions about the mentioned approaches and other approaches which I am not aware of yet.

What do other organizations with microservices and timing restrictions do? I do not require a statement what the best solution is. I would like to know what has proven (not) to be feasible.

