BitLocker Drive Encryption offers users a number of different modes to protect the key used in encrypting/decrypting data. One of these modes requires a PIN be entered at boot time, which is used as authorization data to the TPM, and allows the key to be unsealed. As a penetration tester on BitLocker, I’ve been examining the strength of this PIN.
BitLocker processes the PIN before localized keyboard support is available, and as a result, only the Function keys (F0-F9) may be used. Naturally, this limits the entropy of the key, so brute force attacks become a concern. Fortunately, the TPM authorization data mechanism is designed to be resistant to dictionary attacks. The details vary from vendor to vendor, but if we make some basic assumptions, we can begin to calculate how strong our PIN needs to be, given this TPM protection. For argument’s sake, let’s suppose that the dictionary attack mitigation mechanism makes guessing 5000 PINs take one year (an average of ~1.8 hours per guess), and call this an acceptable level of security.
Since we have ten keys available to us, the number of possible PINs of length n is equal to 10n, and the average time to guess a length n PIN is 10n / 2. So we can get our desired security level with a 4-digit PIN: 104 / 2 = 5000. For the sake of comparison, suppose we instead used a password composed of alpha-numeric characters plus standard keyboard symbols (of which there are about 32, by my count), but did not have anti-hammering protection. Assuming even a modest average time-per-guess of one millisecond, in order to get the same level of security, we would need close to 6 characters. Plus, the TPM protects us against offline pre-computed dictionary attacks, because there is no way to access the hash of the correct PIN.
An interesting challenge arises out of the fact that only the Function keys are used in the PIN: due to the infrequent use of these keys for other purposes, an adversary might be able to perform a wear analysis to determine which keys are used in the PIN. If finger oil or corrosion on the F3, F4, F7, and F9 keys is noticeably greater than on the others, a clever adversary would just try the 4! = 24 possible orderings of these keys. So, how can you help protect yourself against this attack?
The question is: if an adversary knows which keys you used in your PIN, how many guesses will it take them to find the PIN itself? The following table helps answer this question. Here, the columns show a length-n PIN, and the rows correspond to a PIN using exactly k distinct keys:
So, in order to raise the expected number of required guesses to the previously described level, even against an attacker who can successfully analyze key wear, the PIN must contain at least 7 digits with at least 4 different keys. An important note is that the maximum in each column is not the bottom entry: it actually strengthens the PIN (against this particular attack) to have a repeated character or two. Thus, when choosing your PIN, you may want to consider intentionally having multiple occurrences of the same key(s).
Bear in mind that the wear analysis attack is still hypothetical. The BitLocker penetration testing team hasn’t tried to do this, so any guess of what’s possible is merely speculation. Nevertheless, for those looking to go the extra step to protect their data, it never hurts to consider all the attacks, even the unproven ones. If you’re concerned about wear analysis attacks, you may want to look into other mitigations (beyond smart PIN choice), such as wear-resistant keyboards, regular cleaning, or increasing use of the Function keys during normal operation.
With some smart use and a good TPM anti-hammering mechanism, your PIN can provide a major additional layer of security, without need for carrying an external key.
- Kevin Litwack (Penetration Test Engineer)