ranger_danger 2 hours ago

For those who use password (not PIN) based pre-boot authentication with BitLocker... do we know if that setup is safe?

I can't imagine there would be a way to bypass that if a password is required, unless it was a situation where like, there was originally some secret secondary key made that needs no password... or the password was never tied to the key in the first place.

andrecarini an hour ago | parent [-]

The exploit developer themselves say [1] TPM+PIN is vulnerable, though no public PoC.

[1]: https://deadeclipse666.blogspot.com/2026/05/were-doing-silen...

forestry an hour ago | parent [-]

I’m skeptical of that claim. The key material presumably is inaccessible even to the OS without the passcode.

ranger_danger an hour ago | parent [-]

> presumably

That's the thing, we don't actually know how involved the PIN is in relation to the key... it might be completely separate (and hence bypassable).

Similarly I also wonder if password-based pre-boot auth is affected.