----- Original Message ----- From: "Jonathan Thornburg" <jth...@astro.indiana.edu>
To: "Brian Gladman" <b...@gladman.plus.com>
Cc: "John Gilmore" <g...@toad.com>; "Peter Gutmann" <pgut...@cs.auckland.ac.nz>; <cryptography@metzdowd.com>; <s...@cs.columbia.edu>
Sent: Monday, February 02, 2009 3:53 AM
Subject: Re: full-disk subversion standards released

It's this variety of different software encryption schemes -- and
compilers to turn them into binary code (which is what the NSA/Intel
backdoor ultimately has to key on) that, I think, makes it so much
harder for a hardware backdoor to work (i.e. to subvert software
encryption) in this context.

I well understand the difficulties of mounting attacks but the fact remains that if someone else is able to take over _control_ of your machine you won't obtain any security irrespective of whether your interest is in network or storage encryption.

And _if_ Intel were to be interested in being able to take over your machine whenever it wished to do so -- which I don't believe it is -- subverting its processor designs to make this possible will be many, many orders of magnitude more effective than subverting the design of a TPM that 99.999...% of machines won't have.

I am personally happy to trust Intel and I am also happy to trust the design of the TPM I happen to use. And it is completey useless for DRM provided only that Intel and the TPM supplier have not been subverted.

I simply don't believe that TPM's will ever achieve (or could ever have achieved) the widespread adoption that effective DRM demands and I don't personally believe that such applications ever played much part in the design. But _provided_ the hardware suppplier can be trusted, hardware based security is able to achieve a much higher level of assurance than pure software ever can. TPMs are hence useful in custom security applications and I am personally much more confident in my security using my TPM based solution than if I would be if I were relying on a pure software approach.

I am _not_ advocating TPM technology since I doubt its general utility for widespread adoption but I reject the idea that TPMs are part of an evil plot to infect the world with DRM.

   Brian Gladman

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to