layer8 3 hours ago

Better writeup: https://infosec.exchange/@wdormann/116565129854382214

The published exploit doesn’t affect BitLocker with a PIN, without which BitLocker isn’t secure anyway. The original author claims they have an exploit that also works with a PIN, but hasn’t provided any proof of that.

briffle 31 minutes ago | parent | next [-]

Does your company require the PIN? Or more importantly, does the company that your company pays for cyber insurance require the PIN?

I have never seen a company where they require the PIN for BitLocker.

layer8 16 minutes ago | parent [-]

My company doesn’t require use of BitLocker at all, because all actual work happens on computers on-premises (which you can remotely log in to). External devices are outside the security boundary. But when I do use BitLocker, I use it with a PIN.

qingcharles an hour ago | parent | prev | next [-]

And there is a level above PIN with BitLocker too: you can have a USB stick with a key on it which you use only during boot. I would imagine that is secure from this attack as the data isn't even stored on the device (I hope).

anal_reactor 2 hours ago | parent | prev [-]

Assuming that the PIN version claim is true, it's interesting to think why they would've released a nerfed useless version rather than the PIN version. I have some ideas but they're completely baseless.