Why BitLocker does not use RSA Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern)Securely read encryption key from NVRAM of TPM 1.2Methods of cold boot attacks in the wildClarification of RSA Key Exchange (TLS 1.2) and AES for On-Going Message ExcahngeShould I really salt in a RSA/AES hybrid connection?Anniversary Update with Bitlocker Reboot without Encryption KeyIs it possible to extract secrets from a TPM without knowing the PIN?Security of TPM 1.2 for providing tamper-evidence against firmware modificationHow does full memory encryption in newer processes protect against DMA attacks?How does Bitlocker + TPM prevent me seeing the HDD contents with another OS?Is GPG's AES encryption that much stronger than its RSA headers?
What does it mean that physics no longer uses mechanical models to describe phenomena?
Was Kant an Intuitionist about mathematical objects?
What are the main differences between the original Stargate SG-1 and the Final Cut edition?
How were pictures turned from film to a big picture in a picture frame before digital scanning?
Why is it faster to reheat something than it is to cook it?
Random body shuffle every night—can we still function?
The test team as an enemy of development? And how can this be avoided?
malloc in main() or malloc in another function: allocating memory for a struct and its members
What is the "studentd" process?
Did pre-Columbian Americans know the spherical shape of the Earth?
How do living politicians protect their readily obtainable signatures from misuse?
Why complex landing gears are used instead of simple,reliability and light weight muscle wire or shape memory alloys?
Central Vacuuming: Is it worth it, and how does it compare to normal vacuuming?
How to write capital alpha?
My mentor says to set image to Fine instead of RAW — how is this different from JPG?
Is there public access to the Meteor Crater in Arizona?
Question about this thing for timpani
Weaponising the Grasp-at-a-Distance spell
Does silver oxide react with hydrogen sulfide?
Why is a lens darker than other ones when applying the same settings?
What does Turing mean by this statement?
In musical terms, what properties are varied by the human voice to produce different words / syllables?
Tips to organize LaTeX presentations for a semester
How to ask rejected full-time candidates to apply to teach individual courses?
Why BitLocker does not use RSA
Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern)Securely read encryption key from NVRAM of TPM 1.2Methods of cold boot attacks in the wildClarification of RSA Key Exchange (TLS 1.2) and AES for On-Going Message ExcahngeShould I really salt in a RSA/AES hybrid connection?Anniversary Update with Bitlocker Reboot without Encryption KeyIs it possible to extract secrets from a TPM without knowing the PIN?Security of TPM 1.2 for providing tamper-evidence against firmware modificationHow does full memory encryption in newer processes protect against DMA attacks?How does Bitlocker + TPM prevent me seeing the HDD contents with another OS?Is GPG's AES encryption that much stronger than its RSA headers?
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
If I do not understand wrong from this post and Wikipedia page of the BitLocker and TPM, by default, BitLocker uses symmetric cryptography like AES. However, TPM is capable of performing RSA encryption.
Given that, the RSA key is stored in the TPM, why BitLocker does not use the asymmetric encryption (i.e., RSA)? By using such encryption technique, we might be able to defend against the cold boot attack or sniffing on LPC bus.
aes rsa tpm bitlocker cold-boot-attack
asked 3 hours ago
user3862410user3862410
61
New contributor
user3862410 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
If I do not understand wrong from this post and Wikipedia page of the BitLocker and TPM, by default, BitLocker uses symmetric cryptography like AES. However, TPM is capable of performing RSA encryption.
Given that, the RSA key is stored in the TPM, why BitLocker does not use the asymmetric encryption (i.e., RSA)? By using such encryption technique, we might be able to defend against the cold boot attack or sniffing on LPC bus.
aes rsa tpm bitlocker cold-boot-attack
asked 3 hours ago
user3862410user3862410
61
New contributor
user3862410 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
If I do not understand wrong from this post and Wikipedia page of the BitLocker and TPM, by default, BitLocker uses symmetric cryptography like AES. However, TPM is capable of performing RSA encryption.
Given that, the RSA key is stored in the TPM, why BitLocker does not use the asymmetric encryption (i.e., RSA)? By using such encryption technique, we might be able to defend against the cold boot attack or sniffing on LPC bus.
aes rsa tpm bitlocker cold-boot-attack
asked 3 hours ago
user3862410user3862410
61
New contributor
user3862410 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
If I do not understand wrong from this post and Wikipedia page of the BitLocker and TPM, by default, BitLocker uses symmetric cryptography like AES. However, TPM is capable of performing RSA encryption.
Given that, the RSA key is stored in the TPM, why BitLocker does not use the asymmetric encryption (i.e., RSA)? By using such encryption technique, we might be able to defend against the cold boot attack or sniffing on LPC bus.
aes rsa tpm bitlocker cold-boot-attack
aes rsa tpm bitlocker cold-boot-attack
asked 3 hours ago
user3862410user3862410
61
New contributor
user3862410 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 3 hours ago
user3862410user3862410
61
New contributor
user3862410 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 3 hours ago
user3862410user3862410
61
New contributor
user3862410 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 3 hours ago
user3862410user3862410
61
asked 3 hours ago
user3862410user3862410
61
61
New contributor
user3862410 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
user3862410 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
user3862410 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
Asymmetric encryption like RSA is limited in that you can only use it to encrypt data the size of the key. With a 2048 bit key, you can only encrypt 2048 bits of information. For this reason RSA is unsuitable for bulk encryption like disks - and even for small files like email messages.
This is why almost all uses of asymmetric encryption involve "hybrid encryption". RSA is used to encrypt the key for a symmetric algorithm like AES, and AES is used to encrypt the bulk data. PGP is an example of a hybrid encryption application.
answered 2 hours ago
gowenfawrgowenfawr
54.9k11115162
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "162"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
user3862410 is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f207771%2fwhy-bitlocker-does-not-use-rsa%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Asymmetric encryption like RSA is limited in that you can only use it to encrypt data the size of the key. With a 2048 bit key, you can only encrypt 2048 bits of information. For this reason RSA is unsuitable for bulk encryption like disks - and even for small files like email messages.
This is why almost all uses of asymmetric encryption involve "hybrid encryption". RSA is used to encrypt the key for a symmetric algorithm like AES, and AES is used to encrypt the bulk data. PGP is an example of a hybrid encryption application.
answered 2 hours ago
gowenfawrgowenfawr
54.9k11115162
add a comment |
Asymmetric encryption like RSA is limited in that you can only use it to encrypt data the size of the key. With a 2048 bit key, you can only encrypt 2048 bits of information. For this reason RSA is unsuitable for bulk encryption like disks - and even for small files like email messages.
This is why almost all uses of asymmetric encryption involve "hybrid encryption". RSA is used to encrypt the key for a symmetric algorithm like AES, and AES is used to encrypt the bulk data. PGP is an example of a hybrid encryption application.
answered 2 hours ago
gowenfawrgowenfawr
54.9k11115162
add a comment |
Asymmetric encryption like RSA is limited in that you can only use it to encrypt data the size of the key. With a 2048 bit key, you can only encrypt 2048 bits of information. For this reason RSA is unsuitable for bulk encryption like disks - and even for small files like email messages.
This is why almost all uses of asymmetric encryption involve "hybrid encryption". RSA is used to encrypt the key for a symmetric algorithm like AES, and AES is used to encrypt the bulk data. PGP is an example of a hybrid encryption application.
answered 2 hours ago
gowenfawrgowenfawr
54.9k11115162
Asymmetric encryption like RSA is limited in that you can only use it to encrypt data the size of the key. With a 2048 bit key, you can only encrypt 2048 bits of information. For this reason RSA is unsuitable for bulk encryption like disks - and even for small files like email messages.
This is why almost all uses of asymmetric encryption involve "hybrid encryption". RSA is used to encrypt the key for a symmetric algorithm like AES, and AES is used to encrypt the bulk data. PGP is an example of a hybrid encryption application.
answered 2 hours ago
gowenfawrgowenfawr
54.9k11115162
answered 2 hours ago
gowenfawrgowenfawr
54.9k11115162
answered 2 hours ago
gowenfawrgowenfawr
54.9k11115162
answered 2 hours ago
gowenfawrgowenfawr
54.9k11115162
54.9k11115162
add a comment |
add a comment |
user3862410 is a new contributor. Be nice, and check out our Code of Conduct.
user3862410 is a new contributor. Be nice, and check out our Code of Conduct.
user3862410 is a new contributor. Be nice, and check out our Code of Conduct.
user3862410 is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Information Security Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f207771%2fwhy-bitlocker-does-not-use-rsa%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
