Is USB based bitlocker as safe as tpm based?

The USB stick would still need to be used in conjunction with the bitlocker password to decrypt the drive, all the TPM module does is store it on the module so you have no need to carry an easily lost USB stick.

if you don't tell them your Bitlocker password you are just as protected


The security model is different. (This answer is a work in progress.)

Startup key on USB flash drive

Pros:

  • No need for a TPM.
  • 2FA: user needs both the startup key (stored on a USB flash drive by default) and the PC, in order to decrypt the system disk.

Cons:

  • You might accidentally overwrite or format your USB flash drive, requiring you to manually enter the recovery key in order to be able to boot Windows. This risk can be mitigated by using a USB flash drive with hardware write-protection.
  • If your USB flash drive is lost or stolen, then an attacker who comes into possession of it can read (and copy) the startup key from it. This particular attack can be mitigated by using a hardware-encrypted USB flash drive (e.g. this; there are other brands available).
  • If your PC is sufficiently compromised, then an attacker could potentially read the startup key from your USB flash drive while it is inserted into the PC during the boot process. This will be true even for hardware-encrypted USB flash drives, as they must be unlocked in order for the PC to boot. However, if your PC were compromised to this extent, then whoever compromised it would probably already be in a position to read everything that BitLocker is protecting, i.e. the startup key would probably be superfluous for them.

TPM

Pros:

  • No need to purchase a USB flash drive.
  • No risk of that USB flash drive being lost or stolen.
  • Unlike USB flash drives, TPMs are intended to prevent the private data that they store from being read. Instead, they use challenge-response mechanisms. As such, an attacker without advanced skills or equipment will not be able to retrieve the private key from a TPM.

Cons:

  • Attackers with advanced skills or equipment, and with electronic or physical access to the PC, may be able to retrieve the private key from a TPM, e.g. by:

    • cutting open the TPM and using an electron microscope to read its contents; or
    • employing a side-channel attack such as RSA timing analysis or differential power analysis.
  • Attackers with sufficiently advanced skills may be able to fool the TPM into performing the challenge-response successfully even if Windows has been modified by an attacker. (This is more of an attack against "secure boot" than against BitLocker per se.) However, if your PC were compromised to this extent, then whoever compromised it might already be in a position to read everything that BitLocker is protecting.

  • If you move the BitLocker-protected drive to another PC, you will need to manually enter the recovery key.