Calibre has an Export Funktion which may ve of use

Yeah i know your right… I just don’t have it in me, chronical lurker :(

When you are happy about a repost of an old meme, because at least it was good, it tells a lot about the state of the Lemmy meme scene…

You keep referring to concepts like “Keys encrypted with itself” “Tpm are by design encrypted”

When you don’t really say anything from value.

Not every “encryption” is the same.

When we talk about safe encryption we talk about file system level encryption of a system with safe algorithms like aes and a long enough random password (the key). this is safe.

If you store the key unencrypted on your phone, this encryption is no longer safe.

If you don’t know the 16 random digit key it HAS to be on the phone and it CAN’T be encrypted “by itself” because you would no longer have any means to decrypt it.

It could be encrypted with a pin, but again, then its only as strong as the pin, and I don’t know how long an only numeric pin would need to be to withstand modern brute forcing, but I doubt a relevant percentage of people have that kind of pin.

You can’t explain how this would be safe, so you just come at me with russels teapot and say “well you can’t prove its not safe” (which is true because I’m no security expert, but someone with enough knowledge could certainly) and lash out at me “acting in bad faith” because I don’t jump through your hoops of passive aggressive misunderstanding.

All I can do is refer to experts, who found things like CVE-2022-20465 - a bug which allowed lockscreen bypass.

As you could have googled that yourself, but you ask this just to throw me off.

But if you want to keep using your google android and bitlocker win and feel safe, its not my problem.

How do you think encryption works?

What do you think does a lockscreen?

deleted by creator

If you think TPMs are always encrypted, a key can be encrypted “with itself” and still be any use to you and android system pin is secure you are right. Might also believe in santa

The device needs to be physically accessed and modified and then unlocked in order to exploit it.

Exactly the service the company offers

Yes it is a vulnerability but with those steps you could also just solder a keylogger to the keyboard.

This is not a hot take at all!

Sure thing, it is equally hard to confiscate/steal a device (if the user notices you just shrug) and open it no user input required And Stealing the device without the user noticing Solder a keylogger, get it back to the user without them noticing and having them put in their password, then steal the device again so you can use said passwort

I totally agree

You are right in a sense of: If the TPM holding the keys were itself encrypted with a strong password, this would be still be considered secure. You are wrong in the sense of: lenovo sells a device, tells its users its encrypted, their data is safe. None can steal their data

in reality the data can easily be accessed, which could be considered as “cracking the device/bypassing the encryption” because what lenovo prevent was someone ripping your ssd l, but not just decrypt it because the encryption was not implemented securely.

I don’t want to debate the security of a luks Linux volume or veracrypt windows laptop, (even though even those are in theory vulnerable to highly targeted and skilled things like cleverly exploiting e.g the logofail bug)

My point isn’t that there are no ways to have a secure system, my point is that the percentage of truly secure systems is low

Dude what encryption are you talking about? Hardware storage encryption is just by now getting more widely adapted, the phone I used till a year ago didn’t even support any encryption.

Sure, aes-256 with secure password only stored in your mind is quasi 100℅ safe, but that is not how most devices handle their “encryption”.

If the key for the encryption is on the device, and either stored in an unencrypted TPM or unencrypted storage, its not a matter if breaking the encryption (quite impossible) but breaking the software/hardware (quite possible for someone with good enough forensics and skilled programmers)

Also also: encryption only helps if the device is off, which is seldom the case with phones.

Wtf where your from? Is this some murica dumbness I’m to European to understand? Is it common in Europe and I just know smart people?

But yes, hyped teenager is the only group I’ve actually seen falling for that when I was at school

Yeah TPM chip encryption is mostly not secure (at least not by simply existing, as an encryption with with a strong password that only exists in your head is) I’ve seen a german youtuber crack the bitlocker TPM encryption of a windows think pad, I have no doubt big companies can do this for the 3-4 most used TPM chips in android phones

And if you got the device and can damage it, even if you couldn’t crack the chip, putting the silicia under an electron microscope is always an option (lots of actual manhours of actual experts needed, but you could charge the client heavily to compensate)

I am aware that there are secure encryptions, but android isn’t hardware encrypted isn’t it? Haven’t used google android for a while, but no encryption was one of the reasons I moved away from it.

No idea about apple, but longer startup times for storage encryption doesn’t seem like a very apple thing to do

Also phones are so seldom turned off, and if the system is running storage encryption becomes less of a concern as the key is somewhere in the ram

Isn’t it an open secret that powerful entities (like spying institutions) can get into pretty much every system if they have physical access? Why is this not plausible

Also ein Arbeitszeugnis bekommst du eigentlich IMMER wenn du irgendwo gearbeitet hast und aufhörst, meist ist das standard procedere und die Personalabteilung gibt dir das/schickt es dir zu, oft klappt das aber auch nicht von alleine und man muss darauf hinweisen, dass man ein recht auf so ein Dokument hat. Die MÜSSEN dir also eins ausstellen, egal wie wenig sie dich mögen. Es kann dann aber natürlich entsprechend schlecht ausfallen

Außerdem Achtung, da gibt es ne Menge geheimcodes die man da rein schreiben kann, deswegen vorher mal googlen (hat für ausgelassene Stimmung am Arbeitsplatz gesorgt = hat auf arbeit gesoffen. O.ä.)

But who actually does this otherwise? I have seen those kind of contracts advertised, but I never see people actually having them, apart from some 16yo who want the new iPhone by all means and this is the only way they can finance it.

From what I understand: your website history on their Servers, if its even encrypted, you don’t hold the keys.

Yeah, sounds like its the same. Do debit cards also have a pin (so you can’t get money put of people once you have stolen it or they put it in your terminal once?)

Well girocards will give the shop the permission to make a one time withdrawal of the amount displayed on the screen, if that money is in your account. If the money isn’t in your account, the payment will not go through. Also if the shop wants to make a second withdrawal, you need to insert your card again and enter your (secret) pin again, they can’t choose what’s charged an when (only before you insert your card an pin, and only THIS transaction will be authorized).

Its a pretty secure system, as (as long as the card terminal isn’t hacked) you can’t spend more than you have, you don’t need to trust shops to only withdraw the agreed amount, and they can’t charge you a second time. Also the spending shows up on your account balance normally within 1 or 2 days.

From what I understand credit cards just let anyone make withdrawals of any amount, as soon as you know the numbers written on the card. So not only you need to trust the shop to withdraw only the correct amount, you need to keep track over you spendings really good, because they could just charge you an arbitrary amount of money on an arbitrary company name months after you gave them your details. Also from what I understand (normal) credit cards just will always work, and if you pay more than you have you just automatically accept a credit contract you need to pay back to your bank. Also (years ago, don’t know if still true) payments get charged to your bank account on bulk at the end of the month, which makes security and not spending to much even harder.

Yeah, this sounds reasonaboe, guess I habe to check if my Bank offers something like that. Credit cards are quite uncommon where I live, most people just use normal girocards for paying in shops and stuff (or physical money)