Hacker News new | past | comments | ask | show | jobs | submit login

Interesting - LUKS and Apple's Filevault take the opposite approach; wherein you must provide a password from an authorised user in order to access the contents of a filesystem/logical volume. Meaning that without authorisation your data is still encrypted.

I'm not completely familiar with Windows service management and how it handles logins - but doesn't the TPM auto decrypt function of Bitlocker mean that if you have a compromised system which has a dodgy service that starts at boot time it can potentially exfiltrate data from the machine without a user logging in?

Of course, if this is the scenario you're experiencing you have much bigger problems already haha.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: