Peter Gutmann writes:

> BitLocker just uses the TPM as a glorified USB key (sealing a key in a TPM is
> functionally equivalent to encrypting it on a USB key). Since BitLocker isn't
> tied to a TPM in any way (I'm sure Microsoft's managers could see which way
> the wind was blowing when they designed it), it's not going to be TPM's killer
> app.
Actually BitLocker can use the TPM's measured boot capability for additional security. This requires a TPM-aware BIOS, which hashes the disk's Master Boot Record into the TPM Platform Configuration Registers before executing it, as well as measuring other system software components. The disk encryption key is sealed to the TPM PCR values and the chip won't release it if the boot sequence is different. This means that if you want to attack by, for example, booting from a Linux Live CD or an external USB drive, the chip won't release the encryption key even if you guess the PIN right.

(Some) details at the BitLocker Drive Encryption Technical Overview page:

http://technet2.microsoft.com/WindowsVista/en/library/ba1a3800-ce29-4f09-89ef-65bce923cdb51033.mspx?mfr=true

Hal Finney

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
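The PCR-sealing mechanism Hal describes, modelled as an added example (this is not code from the thread, from Microsoft or from any TPM library): a toy TPM that implements the TPM 1.2 extend operation (PCR[i] = SHA-1(PCR[i] || SHA-1(data))), seals a constructed volume key to a composite of selected PCRs, and refuses to unseal when the composite no longer matches. The register numbers (PCR 0 for firmware, PCR 4 for the MBR), the measured images, the key and the HMAC-based wrapping are all constructed stand-ins chosen for illustration; a real chip derives its wrapping from an internal storage root key that never leaves the hardware.

```python
import hashlib
import hmac
import os

PCR_COUNT = 24  # a TPM 1.2 has 24 PCRs, all zero after power-on
PCR_FIRMWARE, PCR_MBR = 0, 4  # assumed register numbers for this example


class SimulatedTpm:
    """Toy model of the three TPM operations BitLocker's measured boot relies on.
    Only extend, seal and unseal are modelled; this is not a real TPM API."""

    def __init__(self):
        self.pcrs = [bytes(20)] * PCR_COUNT
        self._srk = os.urandom(32)  # stands in for the chip-internal storage root key

    def extend(self, index, measurement):
        # TPM 1.2 extend: the new value chains the old value with the measurement,
        # so the order and content of every boot stage is captured, and nothing
        # can be "un-measured" short of a power cycle.
        digest = hashlib.sha1(measurement).digest()
        self.pcrs[index] = hashlib.sha1(self.pcrs[index] + digest).digest()
        return self.pcrs[index]

    def composite(self, indices):
        # digest over the selected PCRs; this is what a sealed blob is bound to
        h = hashlib.sha1()
        for i in indices:
            h.update(self.pcrs[i])
        return h.digest()

    def seal(self, secret, indices):
        expected = self.composite(indices)
        nonce = os.urandom(16)
        keystream = self._keystream(expected, nonce, len(secret))
        ciphertext = bytes(a ^ b for a, b in zip(secret, keystream))
        return {"indices": tuple(indices), "expected": expected,
                "nonce": nonce, "ct": ciphertext}

    def unseal(self, blob):
        # The chip compares the *current* PCR composite with the one recorded at
        # seal time; a different boot chain yields a different composite and the
        # key is never released, regardless of any PIN the caller supplies.
        current = self.composite(blob["indices"])
        if not hmac.compare_digest(current, blob["expected"]):
            raise PermissionError("PCR mismatch: boot sequence differs, key not released")
        keystream = self._keystream(current, blob["nonce"], len(blob["ct"]))
        return bytes(a ^ b for a, b in zip(blob["ct"], keystream))

    def _keystream(self, composite, nonce, n):
        # wrapping keystream derived from the root key and the PCR composite
        # (constructed scheme for the simulation, not the real TPM wrapping)
        out, counter = b"", 0
        while len(out) < n:
            msg = composite + nonce + counter.to_bytes(4, "big")
            out += hmac.new(self._srk, msg, hashlib.sha256).digest()
            counter += 1
        return out[:n]


# Constructed stand-ins for the images a TPM-aware BIOS measures before running them
BIOS_CODE = b"constructed: system firmware image"
MBR_GOOD = b"constructed: BitLocker boot sector"
MBR_LIVECD = b"constructed: live CD boot sector"
VOLUME_KEY = b"constructed-volume-master-key-32"  # constructed 32-byte key


def boot(tpm, firmware, mbr):
    """Replay the pre-OS measurements the BIOS makes before executing each stage."""
    tpm.extend(PCR_FIRMWARE, firmware)
    tpm.extend(PCR_MBR, mbr)


def provision():
    """Trusted install: boot the good chain and seal the key to the resulting PCRs."""
    tpm = SimulatedTpm()
    boot(tpm, BIOS_CODE, MBR_GOOD)
    blob = tpm.seal(VOLUME_KEY, [PCR_FIRMWARE, PCR_MBR])
    return tpm, blob


def reboot_and_unseal(tpm, blob, mbr):
    """Power cycle (PCRs reset), boot with the given MBR, then ask the chip for the key.
    Returns the key on a matching boot chain, None when the chip refuses."""
    tpm.pcrs = [bytes(20)] * PCR_COUNT
    boot(tpm, BIOS_CODE, mbr)
    try:
        return tpm.unseal(blob)
    except PermissionError:
        return None


if __name__ == "__main__":
    tpm, blob = provision()
    print("normal boot   :", reboot_and_unseal(tpm, blob, MBR_GOOD))
    print("live CD boot  :", reboot_and_unseal(tpm, blob, MBR_LIVECD))
```

The same chip object is reused across the simulated reboot because the root key persists in hardware while the PCRs do not; that asymmetry is exactly what makes the seal useful. Note that the blob itself carries only the expected composite and ciphertext, so reading it off the disk (the "glorified USB key" view) yields nothing without the chip and the matching measurements.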