Beyond the column, he wrote about everything from Windows to tech travel tips. He founded PCWorld's "World Beyond Windows" column, which covered the latest developments in open-source operating systems like Linux and Chrome OS. He also wrote the USA's most-saved article of 2021, according to Pocket.Ĭhris was a PCWorld columnist for two years. Beyond the web, his work has appeared in the print edition of The New York Times (September 9, 2019) and in PCWorld's print magazines, specifically in the August 2013 and July 2013 editions, where his story was on the cover. With over a decade of writing experience in the field of technology, Chris has written for a variety of publications including The New York Times, Reader's Digest, IDG's PCWorld, Digital Trends, and MakeUseOf. Chris has personally written over 2,000 articles that have been read more than one billion times-and that's just here at How-To Geek. TrueCrypt and similar solutions - well, that's a complicated topic we aren't really qualified to address here.Ĭhris Hoffman is the former Editor-in-Chief of How-To Geek. non-TPM-based solutions, or BitLocker vs. That's better than not using any encryption at all, and it's better than simply storing the encryption keys on the disk, as Microsoft's EFS (Encrypting File System) does.Īs far as TPM vs. Encryption tools like Microsoft's BitLocker and "device encryption" automatically use a TPM to transparently encrypt your files. Your computer either has a TPM or it doesn't - and modern computers generally will. Ultimately, a TPM isn't something you have to think about much. It's more secure than simply storing that key on the disk, as an attacker can't simply remove the disk and insert it into another computer. Storing the encryption keys in hardware allows a computer to automatically decrypt the drive, or decrypt it with a simple password. A TPM is arguably more of a convenience feature. BitLocker can function on drives without TPMs, but Microsoft went out of its way to hide this option to emphasize how important a TPM is for security. That means it has to store its encryption keys on the hard drive, and makes it much less secure. It has no way to store encryption keys in a TPM. This is one reason why the older Windows EFS encryption technology isn't as good. That's why the "recovery key" for BitLocker is quite a bit longer - you need that longer recovery key to access your data if you move the drive to another computer. That encryption key is partially stored in the TPM, so you actually need your Windows login password and the same computer the drive is from to get access. You normally just gain access to an encrypted drive by typing your Windows login password, but it's protected with a longer encryption key than that. Enable BitLocker disk encryption and Windows will use a TPM to store the encryption key. Just sign in with a Microsoft account on a modern PC that ships with "device encryption" enabled and it'll use encryption. Modern versions of Windows use the TPM transparently. This chip provides hardware-based authentication and tamper detection, so an attacker can't attempt to remove the chip and place it on another motherboard, or tamper with the motherboard itself to attempt to bypass the encryption - at least in theory.įor most people, the most relevant use case here will be encryption. This means an attacker can't just remove the drive from the computer and attempt to access its files elsewhere. So, if you're using BitLocker encryption or device encryption on a computer with the TPM, part of the key is stored in the TPM itself, rather than just on the disk. The TPM generates encryption keys, keeping part of the key to itself. If you built your own computer, you can buy one as an add-on module if your motherboard supports it. The TPM is a chip that's part of your computer's motherboard - if you bought an off-the-shelf PC, it's soldered onto the motherboard. Related: How to Set Up BitLocker Encryption on Windows It's a chip on your computer's motherboard that helps enable tamper-resistant full-disk encryption without requiring extremely long passphrases. TPM stands for "Trusted Platform Module".
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |