Like I specifically pointed out, it's belt and suspenders.
> Of course I could be wrong... please feel free to provide more info.
From https://blog.scrt.ch/2024/10/28/privilege-escalation-through... :
> Indeed, by analysing the decryption process, it appears that the user’s PIN is sent to the TPM which releases the intermediate key only if the provided secret is correct, thus effectively preventing offline bruteforce attacks.
> Secondly, no data is returned when the PIN is incorrect, which indicates that the PIN or a derivative is sent to the TPM for verification.
Now I have to wonder if the exploit author's definition of "it works with a PIN" is simply "it works if you enter the correct PIN" and just somehow left out that important detail... I don't know. Perhaps everyone is just guessing that they meant it's possible to exploit without knowing the PIN at all.
I suppose they could be lying too, but I would hope they would be smarter than that given their apparently successful track record /shrug
Belt and suspenders = the industry standard term for "you have one protection you rely on, you add a second that should help." Stuff like ASLR, for example. Or in this case, the stretched key material. The belt is the TPM PIN anti-hammering, the suspenders are the key stretch / entanglement.
> Perhaps everyone is just guessing that they meant it's possible to exploit without knowing the PIN at all. I suppose they could be lying too, but I would hope they would be smarter than that given their apparently successful track record /shrug
Trusting the word of exploit developers, especially random anime avatars on GitHub, is always a bad idea no matter the recent track record. Self promotion is very powerful in the security industry and every claim deserves independent research; that's at least half of the original point I was trying to make about conspiracy theories.
Personally, I suspect the exploit author had a disk with multiple enrollments in addition to the TPM + PIN one, and broke a parallel strategy.