Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

If windows is encrypted with keys from the TPM anyways, then tailscale doesn't need to encrypt a second time.

Windows also bit me in the ass with this feature, but tailscale not enabling encryption wouldn't have helped one iota.



Local software could be stealing plaintext secrets from your encrypted disk. Physical access is not the only attack vector.


The only way to protect against that is if a secure application boundary is enforced by the operating system. You can make it harder for other programs to uncover secrets by encrypting them, but any other application can reverse the encryption. I don't believe using the tpm meaningfully changes that situation.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: