Jurre andmore:
> TRESOR is no holy grail - I recommend reading TRESOR-HUNT: Attacking
> CPU-Bound Encryption[1].
>
> [1] http://seclab.ccs.neu.edu/publications/acsac2012dma.pdf
>
Of course and UFED has JTAG support and so, I would be surprised if they
didn't also attack TRESOR with such a setup
TRESOR uses debug registers and only protects key material. It doesn't
protect the code that actually reads that key in or out of the register,
nor any of the data that is actually decrypted with the key. So, it
provides protection just for keys against passive, read-only attacks
against memory. Th
On Thu, Feb 21, 2013 at 2:08 PM, Jacob Appelbaum wrote:
>
> It seems like one of the few times the use of something like TRESOR
> would improve:
> http://www1.informatik.uni-erlangen.de/tresor
TRESOR looks very interesting! I wonder what's preventing its kind of
techniques from being more widely
Michael Rogers:
> On 21/02/13 18:32, Brian Conley wrote:
>> Any idea why the researchers would posit that iOS devices may be
>> less susceptible?
>
> iOS has several classes of encrypted storage. For the
> NSFileProtectionComplete class, the class key that protects the
> individual file keys is er
Brian Conley:
> Always trust Jake to cut right to the bare honest ugly (and depressing!)
> truth.
If you really want to be depressed about mobile security, I encourage
you to acquire the cellebrite UFED forensics device:
http://www.cellebrite.com/mobile-forensic-products/ufed-touch-ultimate.html
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 21/02/13 18:32, Brian Conley wrote:
> Any idea why the researchers would posit that iOS devices may be
> less susceptible?
iOS has several classes of encrypted storage. For the
NSFileProtectionComplete class, the class key that protects the
individ
Always trust Jake to cut right to the bare honest ugly (and depressing!)
truth.
thanks!
B
On Thu, Feb 21, 2013 at 10:48 AM, Jacob Appelbaum wrote:
> Brian Conley:
> > hrm, also true for the newest line of google nexus i believe.
> >
>
> In any phone where one might be able to open the case, I a
Brian Conley:
> hrm, also true for the newest line of google nexus i believe.
>
In any phone where one might be able to open the case, I assume someone
will also just be able to tap the bus lines. Thus, the easy route
(booting off of a special image) might not be simple but these devices
aren't u
hrm, also true for the newest line of google nexus i believe.
On Thu, Feb 21, 2013 at 10:37 AM, Parker Higgins wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 2/21/13 10:32 AM, Brian Conley wrote:
> > Any idea why the researchers would posit that iOS devices may be
> > less susce
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 2/21/13 10:32 AM, Brian Conley wrote:
> Any idea why the researchers would posit that iOS devices may be
> less susceptible?
Not sure if this is what they have in mind, but this particular
technique requires a battery pop to get into fastboot mode,
Thanks Steve,
Any idea why the researchers would posit that iOS devices may be less
susceptible?
Brian
On Thu, Feb 21, 2013 at 10:08 AM, Steve Weis wrote:
> This is a good illustration how data in use is exposed to physical attacks
> on most computing devices.
>
> An interesting side-note is t
This is a good illustration how data in use is exposed to physical attacks
on most computing devices.
An interesting side-note is that Android phones are starting to ship with a
hardware security module (HSM), which can be used for crypto operations and
key storage. Duo Security is one company tha
http://www.forbes.com/sites/andygreenberg/2013/02/14/frost-attack-unlocks-android-phones-data-by-chilling-its-memory-in-a-freezer/
--
Unsubscribe, change to digest, or change password at:
https://mailman.stanford.edu/mailman/listinfo/liberationtech
13 matches
Mail list logo