Why BitLocker does not use RSA Announcing the arrival of Valued Associate #679: Cesar Manara ...

Why are vacuum tubes still used in amateur radios?

What is the "studentd" process?

Caught masturbating at work

Does the Mueller report show a conspiracy between Russia and the Trump Campaign?

Was Kant an Intuitionist about mathematical objects?

Co-worker has annoying ringtone

Simple HTTP Server

Mounting TV on a weird wall that has some material between the drywall and stud

What does the writing on Poe's helmet say?

Why is std::move not [[nodiscard]] in C++20?

Why is it faster to reheat something than it is to cook it?

One-one communication

Is there public access to the Meteor Crater in Arizona?

Tannaka duality for semisimple groups

Is there hard evidence that the grant peer review system performs significantly better than random?

Why datecode is SO IMPORTANT to chip manufacturers?

Tips to organize LaTeX presentations for a semester

Why is a lens darker than other ones when applying the same settings?

Putting class ranking in CV, but against dept guidelines

Weaponising the Grasp-at-a-Distance spell

What does 丫 mean? 丫是什么意思?

Trying to understand entropy as a novice in thermodynamics

Resize vertical bars (absolute-value symbols)

Why do early math courses focus on the cross sections of a cone and not on other 3D objects?



Why BitLocker does not use RSA



Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern)Securely read encryption key from NVRAM of TPM 1.2Methods of cold boot attacks in the wildClarification of RSA Key Exchange (TLS 1.2) and AES for On-Going Message ExcahngeShould I really salt in a RSA/AES hybrid connection?Anniversary Update with Bitlocker Reboot without Encryption KeyIs it possible to extract secrets from a TPM without knowing the PIN?Security of TPM 1.2 for providing tamper-evidence against firmware modificationHow does full memory encryption in newer processes protect against DMA attacks?How does Bitlocker + TPM prevent me seeing the HDD contents with another OS?Is GPG's AES encryption that much stronger than its RSA headers?





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}







1















If I do not understand wrong from this post and Wikipedia page of the BitLocker and TPM, by default, BitLocker uses symmetric cryptography like AES. However, TPM is capable of performing RSA encryption.
Given that, the RSA key is stored in the TPM, why BitLocker does not use the asymmetric encryption (i.e., RSA)? By using such encryption technique, we might be able to defend against the cold boot attack or sniffing on LPC bus.










share|improve this question







New contributor




user3862410 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.



























    1















    If I do not understand wrong from this post and Wikipedia page of the BitLocker and TPM, by default, BitLocker uses symmetric cryptography like AES. However, TPM is capable of performing RSA encryption.
    Given that, the RSA key is stored in the TPM, why BitLocker does not use the asymmetric encryption (i.e., RSA)? By using such encryption technique, we might be able to defend against the cold boot attack or sniffing on LPC bus.










    share|improve this question







    New contributor




    user3862410 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.























      1












      1








      1








      If I do not understand wrong from this post and Wikipedia page of the BitLocker and TPM, by default, BitLocker uses symmetric cryptography like AES. However, TPM is capable of performing RSA encryption.
      Given that, the RSA key is stored in the TPM, why BitLocker does not use the asymmetric encryption (i.e., RSA)? By using such encryption technique, we might be able to defend against the cold boot attack or sniffing on LPC bus.










      share|improve this question







      New contributor




      user3862410 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.












      If I do not understand wrong from this post and Wikipedia page of the BitLocker and TPM, by default, BitLocker uses symmetric cryptography like AES. However, TPM is capable of performing RSA encryption.
      Given that, the RSA key is stored in the TPM, why BitLocker does not use the asymmetric encryption (i.e., RSA)? By using such encryption technique, we might be able to defend against the cold boot attack or sniffing on LPC bus.







      aes rsa tpm bitlocker cold-boot-attack






      share|improve this question







      New contributor




      user3862410 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      share|improve this question







      New contributor




      user3862410 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      share|improve this question




      share|improve this question






      New contributor




      user3862410 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      asked 3 hours ago









      user3862410user3862410

      61




      61




      New contributor




      user3862410 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.





      New contributor





      user3862410 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






      user3862410 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






















          1 Answer
          1






          active

          oldest

          votes


















          2














          Asymmetric encryption like RSA is limited in that you can only use it to encrypt data the size of the key. With a 2048 bit key, you can only encrypt 2048 bits of information. For this reason RSA is unsuitable for bulk encryption like disks - and even for small files like email messages.



          This is why almost all uses of asymmetric encryption involve "hybrid encryption". RSA is used to encrypt the key for a symmetric algorithm like AES, and AES is used to encrypt the bulk data. PGP is an example of a hybrid encryption application.






          share|improve this answer
























            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "162"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: false,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            noCode: true, onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });






            user3862410 is a new contributor. Be nice, and check out our Code of Conduct.










            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f207771%2fwhy-bitlocker-does-not-use-rsa%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            2














            Asymmetric encryption like RSA is limited in that you can only use it to encrypt data the size of the key. With a 2048 bit key, you can only encrypt 2048 bits of information. For this reason RSA is unsuitable for bulk encryption like disks - and even for small files like email messages.



            This is why almost all uses of asymmetric encryption involve "hybrid encryption". RSA is used to encrypt the key for a symmetric algorithm like AES, and AES is used to encrypt the bulk data. PGP is an example of a hybrid encryption application.






            share|improve this answer




























              2














              Asymmetric encryption like RSA is limited in that you can only use it to encrypt data the size of the key. With a 2048 bit key, you can only encrypt 2048 bits of information. For this reason RSA is unsuitable for bulk encryption like disks - and even for small files like email messages.



              This is why almost all uses of asymmetric encryption involve "hybrid encryption". RSA is used to encrypt the key for a symmetric algorithm like AES, and AES is used to encrypt the bulk data. PGP is an example of a hybrid encryption application.






              share|improve this answer


























                2












                2








                2







                Asymmetric encryption like RSA is limited in that you can only use it to encrypt data the size of the key. With a 2048 bit key, you can only encrypt 2048 bits of information. For this reason RSA is unsuitable for bulk encryption like disks - and even for small files like email messages.



                This is why almost all uses of asymmetric encryption involve "hybrid encryption". RSA is used to encrypt the key for a symmetric algorithm like AES, and AES is used to encrypt the bulk data. PGP is an example of a hybrid encryption application.






                share|improve this answer













                Asymmetric encryption like RSA is limited in that you can only use it to encrypt data the size of the key. With a 2048 bit key, you can only encrypt 2048 bits of information. For this reason RSA is unsuitable for bulk encryption like disks - and even for small files like email messages.



                This is why almost all uses of asymmetric encryption involve "hybrid encryption". RSA is used to encrypt the key for a symmetric algorithm like AES, and AES is used to encrypt the bulk data. PGP is an example of a hybrid encryption application.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered 2 hours ago









                gowenfawrgowenfawr

                54.9k11115162




                54.9k11115162






















                    user3862410 is a new contributor. Be nice, and check out our Code of Conduct.










                    draft saved

                    draft discarded


















                    user3862410 is a new contributor. Be nice, and check out our Code of Conduct.













                    user3862410 is a new contributor. Be nice, and check out our Code of Conduct.












                    user3862410 is a new contributor. Be nice, and check out our Code of Conduct.
















                    Thanks for contributing an answer to Information Security Stack Exchange!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f207771%2fwhy-bitlocker-does-not-use-rsa%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    Why do type traits not work with types in namespace scope?What are POD types in C++?Why can templates only be...

                    Will tsunami waves travel forever if there was no land?Why do tsunami waves begin with the water flowing away...

                    Simple Scan not detecting my scanner (Brother DCP-7055W)Brother MFC-L2700DW printer can print, can't...