|
Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems. |
I would like to ask, if Bitlocker key (48-digit number) is completely pseudo-random number, or is it generated in order to suit my TPM chip?
Has every TPM chip unique code, so there CANT be two same Bitlocker keys? Or is it just probability, that there SHOULDNT be two same keys (odds are 1 : (10^48-1))
Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise
HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29
PRUSA i3 MK3S+
Ahem, I think there might be some confusion between keys and passwords here…
Has every TPM chip unique code, so there CANT be two same Bitlocker keys?
Well, since BitLocker can also be made to work without a TPM in some cases, this clearly cannot be guaranteed.
Also there are always multiple keys that are used on different paths; TPM and the Recovery key are alternative and independent methods to arrive at the VMK. Another method is the User key (which is in turn usually protected by a password encoded in UTF-16).
(odds are 1 : (10^48-1))
Where are you getting the 48?
The recovery password is 128 bits usually presented as encoded into a 48-digit format but most 48-digit numbers aren’t valid passwords. The recovery password is used to decrypt the recovery key, which is 256 bits.
The VMK might be always 256 bits but the subkeys after that might be shorter. Don’t remember when it’d default to 128-bit final keys.
The User key is the fun one as the range of possible User passwords greatly exceed the range of possible User keys, except for the part where you usually have to be able to enter them from an US-ASCII keyboard layout 
I assume, that if the key is 48 digit number, the maximum is 999999….and so on.
48 nines in a row. For example 999 = 10^3 – 1. Hope you get my logic there 
Dont know if all combinations are valid, or if there must be some validation (like modulo 13, or something similar).
Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise
HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29
PRUSA i3 MK3S+
I assume, that if the key is 48 digit number, the maximum is 999999….and so on.
Dont know if all combinations are valid, or if there must be some validation (like modulo 13, or something similar).
… the latter. Not modulo 13 but similar principle – thereby reducing the available password space significantly.
How is that a relationship? All I’m saying is that we usually assume the encryption keys are unique.
Because some of the encryption keys can be 128 bit in some circumstances, having an if-then relationship between them would mean that the effective keyspace could be at most that much, instead of the 256 bits it’s supposed to be.
It’s reasonable to expect that you’ll probably never see a collision in the wild, but in programming jumping from that to an assumption that it can’t happen is a typical way to end up with exploitable vulnerabilities – once you have a hacker trying to break in, it’s no longer an “in the wild” situation.
If the encryption keys are unique the recovery key will be too.
If you used TPM to generate the BitLocker key then it will have used its internal RSA key, which is (supposedly) unique.
cheers, Paul
If the encryption keys are unique the recovery key will be too.
I should hope not… because that “if->will” relationship would imply a weakness in the algorithm.
And lots of high-security folks around in Europe and other places don’t trust the TPMs anyway, in part because nobody can guarantee that, say, NSA or CIA in the US wouldn’t be able to custom-manufacture a duplicate TPM chip on demand.
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Notifications
