-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Benno:
> On Fri Apr 28, 2006 at 20:18:15 +1000, Malcolm V wrote:
> >On Friday 28 April 2006 19:55, Adam Bogacki wrote:
> ><snipped>
> >> http://www.theregister.co.uk/2006/04/27/schneier_infosec/
> >
> >Call me cynical (or stupid), but software cannot offer hardware based
> >encryption. Sure, a piece of software can make use of hardware based
> >features, as can other pieces of software.
>
> No, I'll just call you smarter than John Leydon :).
>
> BitLocker is software. It uses the TPM hardware to verify the boot
> process. (I'm trying to get more information on that.)
There's an awful lot of manufacturers selling "hardware RAID" cards
that have nothing on the card except a CPU and and EEPROM. Usually
not a terribly fast CPU (after all RAID-5 requirements are not much
more than basic block handling and a fast parity algorithm).
Yes I'm looking at you Compaq... and you too IBM.
Getting back to the topic, I believe that it is possible for a system
to detect whether it has been chain-loaded from some other bootloader
and then refuse to run if it detects this. The system only works off
the officially sanctioned bootloader and this bootloader never boots
anything else -- no more dual boot. Probably makes it harder to use
MS libraries in wine, also might kill Xen, VMware and all those handy
tools that give you a chance to make a few MS-Windows licenses go a
long way...
Suppose (for example) that any piece of hardware on the system contains
consistent (but unknown) state at boot time and will have this state
shuffled by the boot process (e.g. a CRC of the boot sector plus some
secret internal machine ID). Further suppose that such hardware allows
you to perform cryptographic operations based on the hardware state but
did not allow you to discover what the state was. You could now use this
hardware to encrypt the hard drive in such a way that another system
would have great difficulty emulating the process (booting the other
system always corrupts the hardware state and not enough internal
information is available to emulate the device to rebuild the
correct state). I would guess that TPM hardware contains the necessary
ingredients.
Does this give any better security than a well-known encryption algorithm
(e.g. AES) plus a passphrase plus a key device (e.g. USB, etc)? No it
doesn't, it is probably worse because if your motherboard chip dies
you won't be able to recover your data on a different motherboard.
That means you have to have an unencrypted backup which in turn becomes
the weak point.
This is all my supposition... with nothing other than gut feeling to
back it up. I guess we will find out when the time comes.
- Tel
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iQIVAwUBRFLpi8fOVl0KFTApAQIG2A//UOfXY8qLxNRSd3w3/k8u28UMIHNuogle
qXVgBqQs7Q5qF7cIYBh6ja07K8oyhEL0TrMXOrIUpa/eBXmkp07RA3rA6Dd1S1nJ
rDQERdXzNqrSdE5fs/8yPBR2CORYRk3FZUXJ63ZP9Kzb2wIICFvOp6SCp8XS+gBX
Qyup6H1n64aCQj/oIqefQpjjiAekrrSVDUWZ7xDC0JeGq+Zxm1hEYDKppeOpc4xc
Ck0DczTmFZzJ98PDkm2R3Fd4L82sYHWXLjkfE6vDgww4aWmxfb8jt8xrjXVHfHwO
pnkMUAzTH8nfreQE8FjpR4MHF9lI3XfpPXqQ/CrmuMXqX2+LL5Z6fKttXLhzxY3N
yjrvOLcOn2QKHJzkJZD3c5KFnuzZEKtFchXsBGBgkiUfrPtvI2P8ILXjazM7qKLT
o3/ZV/vjgrMis7FVqHoth25mtQ2Et4dyZq3m5QEpLZnFLtzioQHEfEZBaakveb5q
4JyuJO/DavrMd5TRtTf6uxgAVywWita4gGQfQuqnV4QG0qVRuxRhf9ci5inL/Dp0
JyO7dOmkCy7s9iLiilO6rG2kAGAR9PHv/Vh/tDZdK+Mmvr+EnR9TFZwDTd5cvJfm
yrxqGBM6fPPYQn0FPNnebhiXm968Z4G3Y9Jv0OK/mQHSAQ218/p3cK9ycGhyLvPP
k3vltYTPxTk=
=vC6u
-----END PGP SIGNATURE-----
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
