-1

There are some similar threads but no one directly addressing this question.

Is there any built in protection against TPM password only protected/encrypted second drive or USB drives using brute force attack?

When drive can be connected to any computer to unlock with password, what about brute force password attack method of manually unlocking removable drives or second hard drive?

While desktop computer is running Windows 7, has TPM 1.2 module and operating system drive C: encrypted, it obviously is reasonably well protected.

techraf
  • 9,141
  • 11
  • 44
  • 62
JoeJ
  • 1
  • 1
    Possible duplicate of [How does the TPM perform integrity measurements on a system?](http://security.stackexchange.com/questions/39329/how-does-the-tpm-perform-integrity-measurements-on-a-system) – Yorick de Wid Sep 05 '16 at 12:41
  • Joe - please stop posting as answers. If your question needs clarification, edit it. – Rory Alsop Oct 07 '16 at 18:06

1 Answers1

0

The TPM password (if you set one) is not directly used in encryption but only to unlock the TPM chip. The chip holds the encryption key and enforces any security policy (e.g. password lock out, system integrity, etc.). It is not possible to decrypt the disk on another computer without the TPM chip used to encrypt it.

If you're using Windows BitLocker, it does not ask you to setup a TPM password. You are, however, allowed to setup a PIN (or passphrase) in addition to or instead of TPM. IIRC, if you're not encrypting the system drive, the UI does not offer the TPM+PIN option and any passphrase you set independently unlocks the drive without any TPM involvement.

billc.cn
  • 3,852
  • 1
  • 16
  • 24