this post was submitted on 23 Jan 2026
1285 points (99.6% liked)

[–] Buelldozer@lemmy.today 126 points 2 days ago (40 children)

The word "Gave" is really doing some heavy lifting in that title. Microsoft produced the keys in response to a warrant as required by law.

If you don't want a company, any company, to produce your data when given a warrant then you can't give the company that data. At all. Ever.

Not fast food joints, not Uber, not YouTube, not even the grocery store.

[–] deczzz@lemmy.dbzer0.com 10 points 2 days ago (12 children)

I'm stupid. How do they even produce the keys?

[–] cley_faye@lemmy.world 23 points 2 days ago (6 children)

Your computer generates a random key using (hopefully) a trusted PRNG with good enough sources. This key is then used to encrypt your data. This key is stored in your computer's TPM module, and provided to the OS only if the chip approves all the checks in place. In addition, you get that key displayed to you, so you can write it down (or alternatively save the key file somewhere of your convenience). This is relatively good as far as security goes (unless the TPM is broken, which can happen).

And then, unless you jumped through hoops to disable it, your PC sends the key to Microsoft so they can just keep it linked to your account. That's the part that sucks, because then, they have the key, can unlock your drive on your behalf, and have to produce it if asked by a judge or something.

Note that there are relatively safe ways to protect these keys even if they are backed up in "the cloud", by encrypting them beforehand using your actual password. It's not absolutely perfect, but can make it very hard/costly/impossible to retrieve, depending on the resources of the attacker/government agency. But MS didn't choose this way. I don't know if it's because of sheer incompetence, inattention, or because this feature is claimed to be here to "help" people that lose their key, and as such are likely to lose their password too, but it is what it is.
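The password-wrapping approach described in the comment above, as an added sketch that is not part of the thread and not Microsoft's code: the recovery key is encrypted on the client under a key derived from the user's password, so the escrow service stores only an opaque blob. The function names and scrypt parameters are assumptions, and the one-time scrypt pad plus HMAC stands in for a real AEAD such as AES-GCM to keep the example standard-library only.

```python
import hashlib
import hmac
import secrets

# Assumed cost parameters; tune to the slowest device that must unwrap.
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1)
SALT_LEN, TAG_LEN = 16, 32


def _derive(password: str, salt: bytes, length: int) -> tuple[bytes, bytes]:
    """Stretch the password into a one-time pad and a separate MAC key."""
    okm = hashlib.scrypt(password.encode(), salt=salt,
                         dklen=length + 32, **SCRYPT_PARAMS)
    return okm[:length], okm[length:]


def wrap_for_escrow(recovery_key: bytes, password: str) -> bytes:
    """Runs on the client. Only the returned blob is uploaded."""
    salt = secrets.token_bytes(SALT_LEN)  # fresh salt, so the pad is never reused
    pad, mac_key = _derive(password, salt, len(recovery_key))
    ct = bytes(a ^ b for a, b in zip(recovery_key, pad))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return salt + ct + tag


def unwrap_from_escrow(blob: bytes, password: str) -> bytes:
    """Runs on the client after downloading the blob from the escrow service."""
    if len(blob) <= SALT_LEN + TAG_LEN:
        raise ValueError("blob too short")
    salt, ct, tag = blob[:SALT_LEN], blob[SALT_LEN:-TAG_LEN], blob[-TAG_LEN:]
    pad, mac_key = _derive(password, salt, len(ct))
    expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        # Wrong password and tampering are indistinguishable by design.
        raise ValueError("wrong password or tampered blob")
    return bytes(a ^ b for a, b in zip(ct, pad))


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed stand-in for a recovery key
    blob = wrap_for_escrow(key, "correct horse battery staple")
    print("escrowed blob:", blob.hex())
    print("round trip ok:",
          unwrap_from_escrow(blob, "correct horse battery staple") == key)
```

Whoever holds the blob, including the escrow provider answering a warrant, still has to guess the password through scrypt, which is the cost the comment refers to; a weak password keeps that cost low.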

[–] French75@slrpnk.net 3 points 2 days ago

> And then, unless you jumped through hoops to disable it, your PC sends the key to Microsoft so they can just keep it linked to your account.

You'd probably also have to jump through the hoops to disable Windows Recall too.
