Yes, TPM without a password is a step up from no encryption but TPM with even a ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		kevincox on April 18, 2023 \| parent \| context \| favorite \| on: PSA: Upgrade your LUKS key derivation function Yes, TPM without a password is a step up from no encryption but TPM with even a weak password is a huge benefit. Of course I am assuming that the TPM works correctly. Vulnerabilities in that may be more likely than with software crypto. But that is a difficult tradeoff to evaluate.

1827162 on April 18, 2023 [–]

Use the TPM as an additional layer of protection. In combination with other things as well, heck even the encryption built into an SSD. So if any one fails, it's still better than nothing. All with separate, uncorrelated passphrases.

Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact