• ShortN0te@lemmy.ml
    link
    fedilink
    arrow-up
    1
    ·
    4 months ago

    If you think TPMs are always encrypted, a key can be encrypted “with itself” and still be any use to you and android system pin is secure you are right. Might also believe in santa

    Not sure what you are rambling about the TPM.

    Then prove that the Lockscreen is insecure.

      • ShortN0te@lemmy.ml
        link
        fedilink
        arrow-up
        1
        arrow-down
        1
        ·
        4 months ago

        How do you think encryption works?

        What do you think does a lockscreen?

        As i guessed. You are evading the question by again babbling nonsense and questioning my knowledge instead of actually proving anything you are saying.

        You have shown that you have a bad understanding of what you are actually talking about (see the ‘cracked’ TPM discussion) and constantly shifting the discussion away from what you are saying : “Basically every device can be accessed without major problems” and what i am trying to explain to you.

        You are acting in bad faith.

        Bye

        • SomeLemmyUser@discuss.tchncs.de
          link
          fedilink
          arrow-up
          1
          arrow-down
          1
          ·
          4 months ago

          You keep referring to concepts like “Keys encrypted with itself” “Tpm are by design encrypted”

          When you don’t really say anything from value.

          Not every “encryption” is the same.

          When we talk about safe encryption we talk about file system level encryption of a system with safe algorithms like aes and a long enough random password (the key). this is safe.

          If you store the key unencrypted on your phone, this encryption is no longer safe.

          If you don’t know the 16 random digit key it HAS to be on the phone and it CAN’T be encrypted “by itself” because you would no longer have any means to decrypt it.

          It could be encrypted with a pin, but again, then its only as strong as the pin, and I don’t know how long an only numeric pin would need to be to withstand modern brute forcing, but I doubt a relevant percentage of people have that kind of pin.

          You can’t explain how this would be safe, so you just come at me with russels teapot and say “well you can’t prove its not safe” (which is true because I’m no security expert, but someone with enough knowledge could certainly) and lash out at me “acting in bad faith” because I don’t jump through your hoops of passive aggressive misunderstanding.

          All I can do is refer to experts, who found things like CVE-2022-20465 - a bug which allowed lockscreen bypass.

          As you could have googled that yourself, but you ask this just to throw me off.

          But if you want to keep using your google android and bitlocker win and feel safe, its not my problem.