Microsoft's Bitlocker compromised by bad SSD encryption

Lost my security job. Thanks Microsoft!

engadget.com/2018/11/06/microsofts-bitlocker-compromised-by-bad-ssd-encryption/

Attached: dims(2).jpg (1600x1004, 371K)


>using bitlocuck
veracrypt a best

>Bitcucker
That's your fault.

>security job
>uses bitlocker
that's a "yikes" from me

>they noticed that Windows 10 Bitlocker defaults to SSD encryption, when available.
Yikes

Bitlocker is pretty much the industry standard

>Lost my security job.
if you used bitlocker for encryption you deserved to be fired even though you're probably larping

>Winturds

Found your problem

Bait. I searched the issue but every website shows the same article.

And websites are shady. Kek. I don't believe it.

See for yourself: duckduckgo.com/?q=microsofts-bitlocker-compromised-by-bad-ssd-encryption

God i hate Jow Forums

Attached: 1d8.png (480x480, 183K)

This article is bs, 850 evo was the only secure ssd in the paper.

>ITT retards who don't know how to assign blame

>trusting completely opaque hardware based encryption
oof oowie my cryptography hurting juice, but what would a bunch of pajeets know about designing secure software?

>not just using a self encrypting drive and just setting an ATA-password
lmfao

>want encryption/security
>uses bitlocker

Attached: laugh.webm (619x350, 900K)

top kek, hardware encryption is backdoored

>Bitlocker is pretty much the industry standard
Hahaha. What kind of a shit industry are you in? Indian scam service server security?

What is industry standard then?

>security job
>bitlocker
the firing was deserved

Attached: 049.gif (384x372, 2.83M)

The takeaway is that software FDE works just fine. Linux wins again.

Read the article.
The self encrypting drives are the problem.

It sadly is the state of the IT industry.

Making everybody at the office use Internet Explorer 8 is also "industry standard".
Only patching software once a year is "industry standard".
Using unencrypted e-mail to communicate even the most sensitive information is definitely "industry standard"

Should have defined a threat model. Have your client sign it.
Bit-locker might defend against common thieves and thugs.
VeraCrypt / LUKS might defend against organized crime, companies and (government) organizations.

Here's the original paper you fucking faggot
ru.nl/publish/pages/909275/draft-paper_1.pdf

God I hate nu/g/

>Bit-locker might defend against common thieves and thugs.

>One drive could be unlocked with virtually "any password," the researchers said, because the validation system didn't work. Another used an empty string as a password, meaning you could decrypt it just by hitting the "Enter" key.

I stated "might" for a reason.
Your first example requires tampering with the SSD firmware. Not something a common thief can do. 2nd example (null password): all bets are off in this scenario. Falling back on "might".

Samsung evo 840/850 are secure if used in Max mode. This is in the paper

>850 only has issue with ata security with high mode
>opal is fine
>no mention of edrive, but probably fine because it's based on opal
so it's fucking nothing on 850 assuming you're not braindead and using something other than the equivalent of a fucking bios password

>bitlocker compromised
What an absolute shock

>fucking bios password
ATA max mode uses password pass-through from BIOS and is fine

>security job
>using bitlocker

You got what you deserved.

Ffs post archive links you incompetent piece of shit.

Based user.

Wait, doesn't Bitlocker work on the filesystem level with Windows doing the actual crypto? How fucked am I?

Attached: explorer_2018-11-07_20-11-17.png (586x133, 10K)

The work industry

>not using dm-crypt

Attached: 87fbb856c298c480d4ac8c3843413c46.jpg (310x450, 22K)

Not always, I think it defaults to hardware encryption.

Yeah i got around to reading the paper, seems Windows delegates encryption opportunistically if the drive states it feels up to it, bitlocker will only serve as a TPM/smartcard/PIN authenticator in those cases. Paradoxically older drives without any encryption facilities are still safe and any flaws that hit them can be easily fixed with an update instead of a firmware replacement.

Attached: nice.gif (640x360, 106K)

I don't know if this has any BEARing on this issue, but
>I booted back into Windows for the first time in months a few weeks ago.
>Have BitLocker on 860 Evo Windows drive
>Of course, Windows had updates.
>Of course, it needed to restart.
>On the update reboot, BitLocker was disabled.
... Huh??
>On next reboot, BitLocker kicked in again.
Huh.
>Goes back to Linux

Attached: Meeep sick bear avatar.jpg (400x400, 32K)

>VeraCrypt

This. "industry standard" != "reliable" or "good". It means "legacy everybody knows and can maintain".

what's wrong with it?

compromised hard

You can switch to veracrypt, for Windows anyway. The good solutions for encryption are always the ones that have their own bootloader that jumps in before any OS loads and prompts you to unlock whatever is after that.

Source: dude trust me

Is that the joke?

When did everyone stop using Truecrypt and why is Veracrypt no longer considered suspicious?

Attached: 1258451749543.jpg (300x426, 27K)

>When did everyone stop using Truecrypt

Um, when it got discontinued 4 years ago and then forked to Veracrypt?

PS C:\> manage-bde -status | grep Method
Encryption Method: XTS-AES 128
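Following on from the status check above: an added example (not from the thread, the paper, or Microsoft) that audits every BitLocker volume for the delegated-to-drive case the earlier post describes, where BitLocker only gates access and the SSD's own engine holds the data key. It assumes the BitLocker PowerShell module and an elevated prompt; the FVE policy value names are assumed from Microsoft's BitLocker policy reference and should be checked against your build.

```powershell
# Added example: report BitLocker volumes that rely on the drive's hardware
# encryption (manage-bde shows these as "Hardware Encryption") and the policy
# that controls whether BitLocker is allowed to delegate to the drive at all.
function Get-BitLockerHardwareEncryptionAudit {
    [CmdletBinding()]
    param()

    # Policy values under the FVE key (assumed names, see lead-in):
    # 0 = hardware encryption disabled; absent = not configured, i.e. allowed.
    $fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    $policyNames = 'OSHardwareEncryption', 'FDVHardwareEncryption', 'RDVHardwareEncryption'
    $policy = foreach ($name in $policyNames) {
        $value = (Get-ItemProperty -Path $fve -Name $name -ErrorAction SilentlyContinue).$name
        if ($null -eq $value) { $value = 'NotConfigured' }
        [pscustomobject]@{ Policy = $name; Value = $value }
    }

    $volumes = Get-BitLockerVolume | ForEach-Object {
        # EncryptionMethod 'Hardware' means the SSD holds the data key and BitLocker
        # merely acts as the TPM/PIN/smartcard unlock front end.
        $delegated = ($_.EncryptionMethod.ToString() -eq 'Hardware')
        [pscustomobject]@{
            MountPoint       = $_.MountPoint
            ProtectionStatus = $_.ProtectionStatus
            EncryptionMethod = $_.EncryptionMethod
            DelegatedToDrive = $delegated
        }
    }

    [pscustomobject]@{
        Policy       = $policy
        Volumes      = $volumes
        # Disabling the policy alone does not move existing data into software
        # encryption; the volume has to be decrypted and re-encrypted afterwards.
        ActionNeeded = (@($volumes | Where-Object DelegatedToDrive).Count -gt 0)
    }
}

$audit = Get-BitLockerHardwareEncryptionAudit
$audit.Policy  | Format-Table -AutoSize
$audit.Volumes | Format-Table -AutoSize
if ($audit.ActionNeeded) {
    Write-Warning 'At least one volume relies on the drive''s own encryption; plan a software re-encryption.'
}
```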

I have a Samsung SSD and it works fine on my machine.

I seem to recall that Jow Forums was not a fan of Veracrypt back then, as it appeared to be heavily shilled just after Truecrypt development closed for no apparent reason. Almost as if some larger agency was attempting to push people away from using Truecrypt.

TC likely discontinued cuza too many lawsuits. en.wikipedia.org/wiki/TrueCrypt#Legal_cases Too much bulljive. Look at this shit.
VC forks and makes performance improvements and is audited.

The Truecrypt team was guaranteed told to put in a backdoor and was gagged from telling anyone about it. Now the glow in the darks can't make you do things, but they can stop you from doing them. Given the ultimatum: Stop development or ride our dick, they chose to end the project. Veracrypt is just taking the Truecrypt source and continuing to maintain it without the fed being able to do shit.

What's a good encryption to throw on an always carried around USB?

>end project
>fork project to deny responsibility
But the feds can just say, "Put vulns into VC like we wanted the TC guys to put into TC."
Or.
We wasserbort you???
Conspiracy theories baka.
Likelier is the lawsuit thing. Feds can wasserbort anyway; courts may have autistic legalisms that preclude suing fork maints for lack of dies or das or wasever.

Attached: pycnosteus palaeformis.jpg (420x300, 18K)

None of those legal issues were directed at any Truecrypt developers tho, those are all cases of police being unable to access Truecrypt volumes, unless it is different for you?

Veracrypt is maintained by a Frenchman. He has a lot more "fuck off" power over US glowys.

That is so true. u3u

Attached: 7a95a3a90928e4aa816c6fd7d9a5d737.png (1000x1000, 73K)

That was truly organic. One of the few times that it wasn't a shitty shilling for money or trickery. Imagine if you were a dev and worried for your project endangering tons of people.

see
basically like when gov told apple to give them a backdoor.

>SSD makers release drive with fucked up firmware
>but of course it's Microsoft's fault

Why are you making this thread about Microsoft? It's distracting, and this is such a massive issue it affects a lot more services than Bitlocker.
This is a prime example of a shit thread.