100
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 23 Jan 2026
100 points (100.0% liked)
Technology
80228 readers
600 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
I'm stupid. How do thet even produce the keys?
Your computer generate a random key using (hopefully) a trusted PRNG with good enough sources. This key is then used to encrypt your data. This key is stored in your computer's TPM module, and provided to the OS only if the chip approves all the checks in places. In addition, you get that key displayed to you, so you can write it down (or alternatively save the key file somewhere of your convenience). This is relatively good as far as security goes (unless the TPM is broken, which can happen).
And then, unless you jumped through hoops to disable it, your PC sends the key to Microsoft so they can just keep it linked to your account. That's the part that sucks, because then, they have the key, can unlock your drive on your behalf, and have to produce it if asked by a judge or something.
Note that there are relatively safe way to protect these keys even if they are backed up in "the cloud", by encrypting them beforehand using your actual password. It's not absolutely perfect, but can make it very hard/costly/impossible to retrieve, depending on the resources of the attacker/government agency. But MS didn't chose this way. I don't know if it's because of sheer incompetence, inattention, or because this feature is claimed to be here to "help" people that lose their key, and as such are likely to lose their password too, but it is what it is.
Funny enough, people have lost access to their bitlocker encrypted drive because of some weird issues that triggered the windows intallation to revert to asking for the full bitlocker encryption key (I think if you disable secure boot or mess with CPU upgrades or the TPM, or some weird update broke, that can happen), which they didn't have and forgot the microsoft account. But microsoft can't help because they forgot about their acount credentials.
They should've asked the FBI for help lolz
Microsoft built the encryption in Windows so know how to get around it. In theory that remains a closely guarded secret but there are the warrants and the NSA and...
Nope, this isn't even a "backdoor". The key itself was automatically uploaded to your microsoft account, so they can just take the key from the microsoft servers and walk right in. This isn't some secret, a quick online search will reveal this as public information. They literally tell you the key will get uploaded.