How are BitLocker FDE keys stored in the TPM?

0

If you use Windows 10 Pro BitLocker FDE with a TPM and an enhanced PIN (= passphrase):

How are the keys stored in the TPM? Are they stored as plaintext, as a hash value, or encrypted "again"?

    
asked by user3200534 14.03.2018 - 14:50

1 answer

0

Plaintext, but it is stored on a "secure HDD" on the TPM.

Snippet from the Microsoft website.

Computers that incorporate a TPM can create cryptographic keys and encrypt them so that they can only be decrypted by the TPM. This process, often called wrapping or binding a key, can help protect the key from disclosure. Each TPM has a master wrapping key, called the storage root key, which is stored within the TPM itself. The private portion of a storage root key or endorsement key that is created in a TPM is never exposed to any other component, software, process, or user.

You can specify whether encryption keys that are created by the TPM can be migrated or not. If you specify that they can be migrated, the public and private portions of the key can be exposed to other components, software, processes, or users. If you specify that encryption keys cannot be migrated, the private portion of the key is never exposed outside the TPM.

Computers that incorporate a TPM can also create a key that has not only been wrapped, but is also tied to certain platform measurements. This type of key can be unwrapped only when those platform measurements have the same values that they had when the key was created. This process is referred to as “sealing the key to the TPM.” Decrypting the key is called unsealing. The TPM can also seal and unseal data that is generated outside the TPM. With this sealed key and software, such as BitLocker Drive Encryption, you can lock data until specific hardware or software conditions are met.


    
answered 14.03.2018 - 15:18
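The wrapping and sealing described in the quoted Microsoft text, modelled as an added example (it is not part of the original answer and is not Microsoft's or BitLocker's code). `ToyTPM`, its method names, the PCR index and the HMAC-based toy cipher are assumptions for illustration; a real TPM uses its own key hierarchy, commands and ciphers.

```python
import hashlib, hmac, os

class ToyTPM:  # simplified model, not a real TPM API; the SRK never leaves this object
    def __init__(self):
        self._srk = os.urandom(32)                  # storage root key, internal only
        self.pcrs = [bytes(32) for _ in range(24)]  # platform measurements, start at zero

    def extend(self, index, measurement):
        # A PCR cannot be set directly, only extended: new = H(old || H(measurement))
        digest = hashlib.sha256(measurement).digest()
        self.pcrs[index] = hashlib.sha256(self.pcrs[index] + digest).digest()

    def _policy(self, selection):
        # Digest of the selected PCRs: the measurements a sealed key is tied to
        return hashlib.sha256(b"".join(bytes([i]) + self.pcrs[i] for i in selection)).digest()

    def _mac(self, label, *parts):
        return hmac.new(self._srk, label + b"".join(parts), hashlib.sha256).digest()

    def _xor(self, data, nonce, policy):
        # Toy stream cipher keyed by the SRK (assumption: stands in for the TPM's cipher)
        stream = b"".join(self._mac(b"enc", nonce, policy, bytes([n]))
                          for n in range(len(data) // 32 + 1))
        return bytes(a ^ b for a, b in zip(data, stream))

    def seal(self, secret, selection):
        selection, nonce = sorted(selection), os.urandom(16)
        policy = self._policy(selection)
        ct = self._xor(secret, nonce, policy)
        return {"pcrs": selection, "nonce": nonce, "ct": ct,   # wrapped blob, held by caller
                "tag": self._mac(b"mac", nonce, policy, ct)}

    def unseal(self, blob):
        policy = self._policy(blob["pcrs"])         # uses the *current* PCR values
        tag = self._mac(b"mac", blob["nonce"], policy, blob["ct"])
        if not hmac.compare_digest(tag, blob["tag"]):
            raise PermissionError("measurements changed or blob is from another TPM")
        return self._xor(blob["ct"], blob["nonce"], policy)

def demo():
    tpm, key = ToyTPM(), os.urandom(32)             # key: constructed stand-in secret
    tpm.extend(7, b"constructed boot measurement")
    blob = tpm.seal(key, [7])
    same_state = tpm.unseal(blob) == key            # unchanged platform: unseal works
    tpm.extend(7, b"constructed modified boot component")
    try:
        tpm.unseal(blob)
        return same_state, True
    except PermissionError:
        return same_state, False                    # changed platform: unseal refused
```

`demo()` returns `(True, False)`: the blob unseals while the measurements match and is refused after PCR 7 is extended again.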
