If the machine is already on but asleep, the keys are in memory; they only have to be downloaded from the server on first login. If the machine has been off and you have no network connection, then you need the long password to unlock it instead of the short one, but for most users that is already irrelevant because everything else requires a network connection too.
Ah ok, so I'll need to memorize the super long password whenever I'm out and about and want to just check something real quick. I guess I'll just put that on the sticky note on the bottom of the computer.
You want to check something real quick on what... the internet? Then you have internet access. You also have access to the local data on the machine as long as it was asleep rather than off, which will be the case the vast majority of the time.
Keeping the key stored on the machine, TPM or no, is also less secure than keeping it somewhere else. If someone steals your laptop, you deny all access to the key on the server and they can't get it even if they could guess the PIN (or the user wrote that on the bottom of the computer), and there is no way to use an offline method to extract the key from the TPM because it isn't there.
So the sole legitimate use case for a TPM is when you're somewhere with neither cellular service nor Wi-Fi (rare) and your portable device is off rather than asleep (rare) and you can't remember a long passphrase, which doesn't have to be unmemorable; it's just less convenient to type.
This seems like it isn't worth the cost in authoritarianism?
For that matter you could still implement even that with just a secure enclave that will only release the key given the correct PIN (and then rate limits attempts etc.), but then does actually release the key in that case and doesn't do any kind of remote attestation or signing.
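The two designs argued over in the comments above (a local PIN-gated enclave that rate-limits guesses versus a server-side escrow that can be revoked after a theft) can be modelled in a few dozen lines. This is an added example, not code from anyone in the thread, and it uses no real TPM, secure-enclave or Active Directory API: the class names, the PBKDF2-derived wrapping key, the XOR "sealing" and the attempt cap are all toy constructions chosen to make the offline, lockout and revocation behaviours visible.

```python
"""Toy model of two disk-key release designs (constructed example, not real TPM/AD code)."""
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000  # assumption: slows brute force in this model; not a real device parameter


class PinGatedEnclave:
    """Hypothetical local key-release device: the sealed disk key comes out only
    for the correct PIN, and a hard cap on failed attempts makes a short PIN
    survivable. Works fully offline, which is the case the thread argues about."""

    def __init__(self, disk_key: bytes, pin: str, max_attempts: int = 5):
        if len(disk_key) != 32:
            raise ValueError("model assumes a 32-byte disk key")
        self.salt = secrets.token_bytes(16)
        self.max_attempts = max_attempts
        self.failed = 0
        wrap = self._derive(pin)
        # Toy wrapping: XOR the disk key with a PIN-derived 32-byte key.
        self.wrapped = bytes(a ^ b for a, b in zip(disk_key, wrap))
        # Verifier so a wrong PIN is detected instead of silently returning garbage.
        self.verifier = hmac.new(wrap, b"pin-check", hashlib.sha256).digest()

    def _derive(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt, PBKDF2_ROUNDS, dklen=32)

    def is_locked(self) -> bool:
        return self.failed >= self.max_attempts

    def unseal(self, pin: str):
        """Return the disk key for the right PIN; None for a wrong PIN or once locked."""
        if self.is_locked():
            return None  # only the long recovery passphrase path remains
        wrap = self._derive(pin)
        candidate = hmac.new(wrap, b"pin-check", hashlib.sha256).digest()
        if not hmac.compare_digest(candidate, self.verifier):
            self.failed += 1
            return None
        self.failed = 0
        return bytes(a ^ b for a, b in zip(self.wrapped, wrap))


class KeyEscrowServer:
    """Hypothetical directory-side escrow: the key never lives on the device, so
    it needs a network path to fetch and can be denied after the device is stolen."""

    def __init__(self):
        self.keys = {}
        self.revoked = set()

    def enroll(self, device_id: str, disk_key: bytes) -> None:
        self.keys[device_id] = disk_key

    def revoke(self, device_id: str) -> None:
        self.revoked.add(device_id)

    def fetch(self, device_id: str, credential_ok: bool, online: bool):
        """Release the key only with network, valid credentials and no revocation."""
        if not online or device_id in self.revoked or not credential_ok:
            return None
        return self.keys.get(device_id)


def compare_designs() -> dict:
    """Walk through the thread's scenarios and report which design yields the key."""
    disk_key = secrets.token_bytes(32)
    enclave = PinGatedEnclave(disk_key, pin="2580", max_attempts=3)
    server = KeyEscrowServer()
    server.enroll("laptop-1", disk_key)

    results = {}
    # Cold boot with no network: the enclave answers, the escrow cannot.
    results["offline_enclave"] = enclave.unseal("2580") == disk_key
    results["offline_escrow"] = server.fetch("laptop-1", True, online=False) is None
    # Stolen laptop: the owner revokes server-side; the device alone is useless.
    server.revoke("laptop-1")
    results["stolen_escrow_revoked"] = server.fetch("laptop-1", True, online=True) is None
    # Guessing against the enclave: the cap trips, after which even the real PIN is refused.
    for guess in ("0000", "1111", "1234"):
        enclave.unseal(guess)
    results["stolen_enclave_locked"] = enclave.unseal("2580") is None
    return results


if __name__ == "__main__":
    for name, ok in compare_designs().items():
        print(f"{name}: {ok}")
```

Running it shows the trade-off the comments circle around: the enclave keeps working with no network at all, while the escrow is the only one that can be switched off remotely once the hardware is gone. Note that the enclave's attempt cap is what makes a four-digit PIN tolerable; without it the XOR-wrapped key could be recovered by exhausting the PIN space against the verifier.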
> a secure enclave that will only release the key given the correct PIN
So...a TPM?
> This seems like it isn't worth the cost in authoritarianism?
You know what's really authoritarian? Having your computer practically only decryptable by some remote directory server, potentially not even under your control.
FWIW, BitLocker already can store recovery keys in AD. It has been a feature for a long time.