When you log into Windows with a Microsoft account, your recovery key is often automatically uploaded to Microsoft’s servers as a backup in case you forget your password. Legally, this means Microsoft owns the key and must surrender it under the U.S. CLOUD Act.
I find that really quite shocking, but I guess I shouldn’t be surprised.
Given the legal and technical risks, the advice for business travelers is clear: do not carry data.
I had read like 15 years back the encryption was basically unbreakable absent password guessing. That like the password to open the computer was unbreakable almost, and princeton researchers found a way to break it by taking it apart and freezing it with some aerosol to super cold and reading it with a microscope.
I know next to nothing of it otherwise. But has it always been like this or is this a new thing with microsoft having your password?
One could cool down system memory before power is cut to a point where it retains in-use plaintext encryption keys. One basically renders the otherwise volatile system memory temporarily nonvolatile. And if one manages to keep the temperatures low for long enough, one could swap those memory modules into one’s own computer/motherboard and print the keys. As you can imagine, the resources needed for this type of attack makes the proposition of it infeasible. Then again, if your adversary is a nation state… Fingers crossed?
I find that really quite shocking, but I guess I shouldn’t be surprised.
The US really is a hostile surveillance state.
I had read like 15 years back the encryption was basically unbreakable absent password guessing. That like the password to open the computer was unbreakable almost, and princeton researchers found a way to break it by taking it apart and freezing it with some aerosol to super cold and reading it with a microscope.
I know next to nothing of it otherwise. But has it always been like this or is this a new thing with microsoft having your password?
One could cool down system memory before power is cut to a point where it retains in-use plaintext encryption keys. One basically renders the otherwise volatile system memory temporarily nonvolatile. And if one manages to keep the temperatures low for long enough, one could swap those memory modules into one’s own computer/motherboard and print the keys. As you can imagine, the resources needed for this type of attack makes the proposition of it infeasible. Then again, if your adversary is a nation state… Fingers crossed?