alt Hacker News> I think the Bitlocker "vuln" is a good reminder not to use vendor provided encryption for any sensitive data
I don't think that's true. Some vendors have a better track record than others. Nobody's popped the storage encryption on iOS or MacOS devices yet AFAIK; and the fact that it's tied to a hardware secure element makes it pretty strong.
Replies
You mean aside from the NSA? https://en.wikipedia.org/wiki/PRISM
Ah yes, the bizarro world where systems are normally unhackable so the default assumption is impenetrable security and you need to prove they are insecure.
Thank god this is not the world where things get hacked all the time and where any claim of meaningful security is a extraordinary claim that demands extraordinary evidence and proof before credibly asserting it, but everybody just ignores that part and just pinky promises it and everybody just believes them for the 104th time without evidence.
Microsoft quietly dropped support for encryption offload support ("OPAL") in SSD drives because the hardware vendors were doing absolute clown-shoes things like a single static hard-coded key or the key was literally empty / all zeroes!
There's levels of trust/security.
I generally trust Apple's device encryption, assume BitLocker can be popped by a well-equipped nation state attacker, and the rest I trust about as far as I can throw them.
PS: A related issue was (is?) that the comms between the CPU and the TPM chip on the motherboard isn't encrypted, signed, or in any significant way protected! Apparently it's relatively trivial to extract various keys including BitLocker encryption keys by simply clipping an oscilloscope to the TPM chip pins.
Reference: https://www.techcentral.ie/windows-bitlocker-no-longer-trust...