| ▲ | gruez 3 hours ago | |
>Typing my passphrase on boot is muscle memory and gives me simple security I can trust. It's not an either-or. You can combine TPM with passwords which makes it far more secure than password alone. A TPM can enforce password guessing limits, otherwise a password needs to be absurdly long to be secure against GPU bruteforcing attacks. It also prevents someone from swapping out the bootloader with a backdoored version that steals your passwords. >Also can recover data without my mainboard. You're supposed to keep a backup of the encryption key when using TPM, in case it fails. | ||
| ▲ | kro 3 hours ago | parent [-] | |
Sounds good - which software supports this? Specifically I'd prefer if it would do a composite key derivation in-time rather than "just a pw prompt but TPM has the full key" | ||