HotCakeX / Harden-Windows-Security

Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Personal, Enterprise, Government and Military security levels | Read The Rationale https://github.com/HotCakeX/Harden-Windows-Security/blob/main/Rationale.md

Home Page:https://hotcakex.github.io

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Increase the minimum startup PIN length

pathei-kosmos opened this issue · comments

Many AMD processors (Zen 2 & 3 architectures; 3000, 5000 series...) use a firmware implementation of the TPM, the fTPM (equivalent to Intel's "Platform Trust Technology", but slightly different). Researchers have just found new attacks against this form of implementation, which make it possible to completely break the fTPM and reveal its internal state. Interestingly, using a fairly complex password means you can still maintain an adequate level of security, even with a cracked fTPM. As shown in the paper (p.11), with a compromised fTPM, a 10-character PIN will only last 34 minutes against a brute-force attack:

image

As 10 characters is the minimum length currently requested by the script, I propose to lengthen it a bit. The researchers conclude (p.13):

Our case study shows that FDE implementations must employ standalone anti-brute-force measures beyond the sealed TPM object as BitLocker does (5.3.2). If the TPM is compromised, this upholds the protector’s confidentiality to a degree a (non-TPM) PIN/password-only protector can achieve. The security of such a method dramatically depends on the length and complexity of the PIN or password, so strong requirements regarding its length and character set should be considered.

Hi,
Unless there is a reliable way to detect AMD CPU generations between 3000-5000 so that the script can apply different policies for them (haven't found any yet), I think increasing the PIN's minimum length requirement can potentially discourage people from using it in the first place 🫤

Since the attack needs physical access to the device, imo users considered high value targets and susceptible to this attack should consider upgrading their hardware to AMD 7th gen CPU or an Intel CPU that doesn't have this vulnerability, or better yet, get a secured-core PC

Edit:

AMD users with vulnerable CPUs can of course still set a long complex PIN to stay secure, it's just the script doesn't enforce it by default on everyone.

Fair point.