Thank you for that, wish this would stop popping up everywhere.
Comment on Raspberry Pi Pico cracks BitLocker in under a minute
rtxn@lemmy.world 8 months ago
Fixed title:
Raspberry Pi Pico cracks BitLocker in under a minute (under very specific circumstances, but where’s the sensationalism in that?)
cellardoor@lemmy.world 8 months ago
thantik@lemmy.world 8 months ago
Still incorrect - it didn’t crack shit. It merely intercepted the unencrypted communication. :[
themeatbridge@lemmy.world 8 months ago
It’s a security vulnerability none the less. If there is an external TPM, then you could use a Pico to make a device that intercepts the unencrypted key. Microsoft has downplayed this vulnerability because it requires physical access to the hardware (true) and it requires significant time (false as demonstrated).
“Cracking” is a nebulous term, but generally includes any methods or tools used to steal encryption keys, which this does in under a minute IF you have physical access to the hardware AND it connects to an external TPM.
thantik@lemmy.world 8 months ago
If you have physical access to the hardware, have spent weeks researching it and produced a custom solution specific to that board and revision, etc.
This is kind of a moot point now because most TPM nowadays are not external modules and nobody focused on security is keeping this kind of hardware around.
halm@leminal.space 8 months ago
Fair point, let’s acknowledge the preparation and research that goes into something like this. While the Pico may have performed the decryption in less than a minute, there were days and weeks of labour leading up to that.
A stage magician will pull a rabbit out of a hat in less than a minute, but the audience must never see the effort of the performance. Too often, for the sake of brevity and a catchy headline, journalists tend to make every slightly technological performance sound like a magic trick.
DoomBot5@lemmy.world 8 months ago
That’s not what anyone means when they say quick. They’re talking from the moment the attempt is initiated until the time data is extracted. In this case countdown starts the moment you get access to the hardware.