I was poking around and noticed this article: https://blog.elcomsoft.com/2022/08/wind ... -security/
The summary of the article is that when you set up Windows Hello, you are required to set up a PIN. If your system does not have a TPM, then instead of the PIN being stored in the TPM, it will be stored on disk. If your disk is also not encrypted, the storage could be easily accessible and the PIN brute forced using the Elcom software, which can boot from a USB drive.
If the TPM were available, then the anti-hammering property of the TPM would have halted the hack. If the disk were encrypted, then they wouldn't be able to get to the PIN location to perform the hack. While this may be a lot of ifs, a lot of older Windows PCs are set up not to be encrypted, and older PCs might not have a TPM. The hack will still require a person to have physical access to your computer, so it would be more of a risk to a laptop that can be lost or stolen.
Windows Hello without TPM risk
Re: Windows Hello without TPM risk
Windows 11 requires a TPM. However, without full disk encryption passwords are relatively meaningless.
The PIN is rarely the hacker's prize; the disk contents are.
Secure Boot etc. just kicks the can down the road, as in the worst case scenario the fusm can just be pulled out and accessed directly.
Re: Windows Hello without TPM risk
freakyfriday wrote: ↑Thu May 25, 2023 10:47 am
Windows 11 requires a TPM. However, without full disk encryption passwords are relatively meaningless.
The PIN is rarely the hacker's prize; the disk contents are.
Secure Boot etc. just kicks the can down the road, as in the worst case scenario the fusm can just be pulled out and accessed directly.

Most platforms these days come with disk encryption. For example, the Mac appears to be encrypted, along with Android and iOS devices. I don't know if Windows comes pre-configured to be encrypted these days. Most of my recent Windows boxes have come from work, which are always encrypted for obvious reasons.
You are right that disk encryption is probably pretty important. A desktop computer sits at home, though, so the danger is reduced since someone would have to physically access the computer. However, data can be exposed if the computer is being repaired by a technician, or if someone throws away their computer without wiping the disk, which has led to a few corporate secrets being revealed.
The big problem with the hack is that if you lose your laptop and someone hacks the PIN, they would be able to use it to gain access to your computer and your password manager, which will likely be unlocked by Windows Hello.
- tuningfork
Re: Windows Hello without TPM risk
Keep in mind the Windows PIN does not have to be numeric. It can be as long and complex as you care to make it, which is considerably more difficult to brute force. The article notes it's a security risk if you use a weak (i.e. short) PIN on a device without a TPM.
Re: Windows Hello without TPM risk
tuningfork wrote: ↑Thu May 25, 2023 10:11 pm
Keep in mind the Windows PIN does not have to be numeric. It can be as long and complex as you care to make it, which is considerably more difficult to brute force. The article notes it's a security risk if you use a weak (i.e. short) PIN on a device without a TPM.

Agreed, but most people probably use a numeric PIN. I think the following should be done, in order of importance, for mitigation, assuming your computer does not have a TPM.
1. Enable disk encryption. I believe that you can actually have file encryption now without BitLocker. This is a good idea whether or not you are using a PIN, especially on a laptop where you might not be able to physically protect the machine.
2. Use a long alphanumeric PIN. This could be longer if you can leverage biometrics. If not, then it's essentially the same degree of convenience as a password.
One problem is that disk encryption probably affects performance and may cause problems on older and slower machines.
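As an added example (not from the thread or the Elcomsoft article), the script below is a read-only PowerShell audit of the conditions the posts above turn on: whether a TPM is present and ready, whether the OS volume is protected by BitLocker, and what the Windows Hello PIN policies say about hardware and complexity. `Get-Tpm` and `Get-BitLockerVolume` are built-in cmdlets that need an elevated session; the registry paths are the documented Windows Hello for Business policy locations; the function name `Get-HelloRiskReport` and the `ThreadRiskCase` flag are my own.

```powershell
# Added example, not code from the thread. Read-only audit of:
#   1. TPM present and ready,
#   2. OS volume protected by BitLocker,
#   3. Windows Hello PIN policy (hardware required, minimum length, letters).
# Run from an elevated PowerShell session; Get-Tpm and Get-BitLockerVolume
# require administrator rights. Get-HelloRiskReport is a name chosen here.

function Get-HelloRiskReport {
    [CmdletBinding()]
    param()

    $r = [ordered]@{}

    # 1. TPM status. Get-Tpm ships with Windows (TrustedPlatformModule module).
    try {
        $tpm = Get-Tpm -ErrorAction Stop
        $r.TpmPresent = [bool]$tpm.TpmPresent
        $r.TpmReady   = [bool]$tpm.TpmReady
    } catch {
        # Cmdlet missing or TPM service unavailable: treat as no usable TPM.
        $r.TpmPresent = $false
        $r.TpmReady   = $false
    }

    # 2. BitLocker status of the OS volume. On editions without BitLocker the
    #    cmdlet does not exist; that case is also reported as "not encrypted".
    try {
        $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
        $r.OsVolumeStatus     = [string]$vol.VolumeStatus      # e.g. FullyEncrypted
        $r.OsVolumeProtection = [string]$vol.ProtectionStatus  # On / Off
        $r.OsVolumeEncrypted  = ($vol.VolumeStatus -eq 'FullyEncrypted') -and
                                ($vol.ProtectionStatus -eq 'On')
    } catch {
        $r.OsVolumeStatus     = 'Unknown'
        $r.OsVolumeProtection = 'Unknown'
        $r.OsVolumeEncrypted  = $false
    }

    # 3. Windows Hello for Business policy. These are the registry locations
    #    behind the "Use a hardware security device" and "PIN Complexity"
    #    Group Policy settings. Absent keys mean the policy is not configured,
    #    in which case Windows allows a numeric-only PIN of at least 4 digits.
    $pfw = 'HKLM:\SOFTWARE\Policies\Microsoft\PassportForWork'
    $cx  = Join-Path $pfw 'PINComplexity'

    $hw = Get-ItemProperty -Path $pfw -Name RequireSecurityDevice -ErrorAction SilentlyContinue
    $r.RequireTpmForHello = ($null -ne $hw) -and ($hw.RequireSecurityDevice -eq 1)

    $cxProps = Get-ItemProperty -Path $cx -ErrorAction SilentlyContinue
    $r.PinPolicyConfigured = $null -ne $cxProps
    $r.MinimumPINLength = if ($cxProps -and $cxProps.MinimumPINLength) {
        [int]$cxProps.MinimumPINLength
    } else {
        4   # Windows default when the policy is not set
    }
    # Raw DWORD values; their meaning (Not allowed / Allowed / Required) is
    # defined by the PIN Complexity policy template. $null = not configured.
    $r.LowercaseLetters  = if ($cxProps) { $cxProps.LowercaseLetters }  else { $null }
    $r.UppercaseLetters  = if ($cxProps) { $cxProps.UppercaseLetters }  else { $null }
    $r.SpecialCharacters = if ($cxProps) { $cxProps.SpecialCharacters } else { $null }

    # The situation the thread is about: no TPM to rate-limit guesses and an
    # unencrypted disk from which the PIN material can be read offline.
    $r.ThreadRiskCase = (-not $r.TpmReady) -and (-not $r.OsVolumeEncrypted)

    [pscustomobject]$r
}

Get-HelloRiskReport | Format-List
```

A machine that prints `ThreadRiskCase : True` is in exactly the configuration the article describes; the two mitigations listed in the post above map to `OsVolumeEncrypted` (turn on BitLocker or device encryption) and `MinimumPINLength` / the letter values (raise the PIN policy or pick a long alphanumeric PIN by hand).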