Solved Explaining Bitlocker and TPM

Cly

I do not understand TPM storing encryption key on motherboard.

What exactly does that protect against? Someone taking your hard drive and trying to mount it in a different computer?

Not very likely. The more likely scenario is they take your whole computer.

What am I missing?
 

My Computer

System One

  • OS
    Windows 8 Pro
    System Manufacturer/Model
    Built it myself
    CPU
    i7 2600K
    Motherboard
    Asrock Z77 Extreme4
    Memory
    16 GB
    Graphics Card(s)
    XFX nVidia GT 420
    Hard Drives
    Crucial SSD
    3TB HDD
    2TB HDD
    PSU
    Seasonic 750W
It protects against the evil maid attack, but once you give up physical security day to day while you continue to use your computer, all bets are off. I'd recommend forgetting about Bitlocker and just using Truecrypt, which I discussed a little in your other thread.
 

My Computer

System One

  • OS
    Windows 8.1 Pro with Media Center
Thanks Crawfish.
 

> It protects against the evil maid attack, but once you give up physical security day to day while you continue to use your computer, all bets are off. I'd recommend forgetting about Bitlocker and just using Truecrypt, which I discussed a little in your other thread.


Crawfish--you seem to know a lot about Truecrypt. Do you think it would be safe to encrypt a 3 TB external (eSATA/USB2) drive in place? Or should I install it inside the computer to minimize the potential for errors?
 

> Crawfish--you seem to know a lot about Truecrypt. Do you think it would be safe to encrypt a 3 TB external (eSATA/USB2) drive in place? Or should I install it inside the computer to minimize the potential for errors?

I've Truecrypted several drives up to 2 TB in size in USB enclosures and eSATA docks. I've had no problems at all. OTOH, I've had a SATA motherboard port go bad on me. So I don't personally consider internal vs. external as more or less reliable than the other. That said, validate everything until you're satisfied it's reliable by doing binary file comparisons. I do this after putting a new drive in service and copying a lot of data to it, and also periodically for my backup drives. I've never found an error in several TBs of these comparisons between my internal drives and USB enclosures and drives standing up in my eSATA dock; the eSATA dock is the main thing I use these days, because it's so convenient and fast.
 

What do you use for comparing data between two drives? I've used Syncback.
 

I use Syncback SE for all my mass file copying and backups. To validate, I turn on a profile's file-by-file binary comparison option and run the profile a second time, checking the logs afterwards. I've also used WinMerge in binary mode, but it's prone to crashing with large files and probably slower.
 

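The file-by-file binary validation Crawfish describes, as an added Python script (not code from the thread or from Syncback): it streams every file under a source tree, compares it against the copy on the destination drive, and reports mismatches, files missing from the copy, and files present only on the copy. The SOURCE/DEST arguments are placeholders for your own drive paths.

```python
"""Validate a copy (e.g. data moved onto a freshly encrypted drive) by comparing
every file in SOURCE against DEST byte for byte, the way a sync tool's binary
comparison pass does. Added example, not code from the thread or from Syncback."""
import hashlib
import os
import sys
from pathlib import Path

CHUNK = 1 << 20  # read 1 MiB at a time so multi-GB files never load into RAM


def file_digest(path: Path) -> str:
    """Stream a file through SHA-256; equal digests mean byte-identical content."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def compare_trees(src: Path, dst: Path) -> dict:
    """Classify each file under src as ok / mismatch / missing relative to dst,
    and list files that exist only under dst (stale or stray copies)."""
    result = {"ok": [], "mismatch": [], "missing": [], "extra": []}
    seen = set()
    for root, _dirs, files in os.walk(src):
        for name in files:
            s = Path(root) / name
            rel = s.relative_to(src)
            seen.add(rel)
            d = dst / rel
            if not d.is_file():
                result["missing"].append(str(rel))
            # size check first: a truncated copy is caught without reading either file
            elif s.stat().st_size != d.stat().st_size or file_digest(s) != file_digest(d):
                result["mismatch"].append(str(rel))
            else:
                result["ok"].append(str(rel))
    for root, _dirs, files in os.walk(dst):
        for name in files:
            rel = (Path(root) / name).relative_to(dst)
            if rel not in seen:
                result["extra"].append(str(rel))
    return result


if __name__ == "__main__":  # usage: compare.py SOURCE DEST
    r = compare_trees(Path(sys.argv[1]), Path(sys.argv[2]))
    print({k: len(v) for k, v in r.items()}, r["mismatch"], r["missing"])
    sys.exit(1 if r["mismatch"] or r["missing"] else 0)
```
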
> I do not understand TPM storing encryption key on motherboard.
>
> What exactly does that protect against? Someone taking your hard drive and trying to mount it in a different computer?
>
> Not very likely. The more likely scenario is they take your whole computer.
>
> What am I missing?

Windows and third-party apps like TrueCrypt are good at encrypting content, but there is one weak link in the chain, and that is your password. If you had a weak password and no TPM or smart card, a brute-force attack would be able to easily crack open your EFS or BitLocker or similar protection.

A TPM chip, like a smart card, adds a hardware layer that amplifies that weak link, making it strong. What goes in may be a short password, but what comes out may be a longer 4096-bit key. Also, brute-force attacks become nearly impossible, because after a certain number of attempts the hardware will take some action (like introducing delays, locking until unlocked with a different "master key", or similar).

So, you are not only better protected if the hard disk is stolen, but also if the entire computer is stolen, because the brute force attack scenario is minimized.
 

My Computer

System One

  • OS
    Windows 8 x64
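The two TPM properties the reply above describes (a short PIN stretched into a full-length key that only exists inside the chip, and a failure counter that stops guessing) plus the boot-state binding behind Crawfish's evil-maid remark, as an added Python model. This is an illustration written for this thread, not a real TPM API; the HMAC-based derivation and the MAX_FAILURES value are simplified assumptions.

```python
"""Toy model of a TPM sealing a drive key: short PIN in, 256-bit key out, the
key only released under the same measured boot state, and a lockout after
repeated failures. Added illustration, not a real TPM interface."""
import hashlib
import hmac
import secrets


class LockedOut(Exception):
    """Raised once the failure counter reaches the policy limit."""


class TpmModel:
    MAX_FAILURES = 32  # assumed anti-hammering threshold; real chips set their own

    def __init__(self, expected_pcrs: bytes):
        # Secret that never leaves the "chip": whoever has the disk, or the whole
        # PC powered off, cannot reproduce the derivation offline without it.
        self._chip_secret = secrets.token_bytes(32)
        self._expected_pcrs = expected_pcrs  # boot measurements at seal time
        self.failures = 0

    def _derive(self, pcrs: bytes, pin: str) -> bytes:
        # Mixing the boot measurements in means a modified boot chain (evil maid)
        # derives a different key, so the sealed blob stays useless to it.
        return hmac.new(self._chip_secret, pcrs + pin.encode(), hashlib.sha256).digest()

    def seal(self, pin: str, volume_key: bytes) -> tuple:
        """Wrap a 32-byte volume key; returns (blob, tag) that are stored on disk."""
        assert len(volume_key) == 32
        kek = self._derive(self._expected_pcrs, pin)
        blob = bytes(a ^ b for a, b in zip(volume_key, kek))
        tag = hmac.new(kek, blob, hashlib.sha256).digest()
        return blob, tag

    def unseal(self, blob: bytes, tag: bytes, pcrs: bytes, pin: str):
        """Return the volume key, or None for a wrong PIN or wrong boot state.
        Every failure counts; at the limit the chip stops answering at all."""
        if self.failures >= self.MAX_FAILURES:
            raise LockedOut("too many failed attempts; recovery key required")
        kek = self._derive(pcrs, pin)
        if not hmac.compare_digest(hmac.new(kek, blob, hashlib.sha256).digest(), tag):
            self.failures += 1
            return None
        self.failures = 0
        return bytes(a ^ b for a, b in zip(blob, kek))
```
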