>> "Notably, using BitLocker with a Trusted Platform Module (TPM) sometimes
>> makes it less secure, allowing an attacker to gain access to the data
>> even if the machine is stolen while it is completely powered off."

> Bryan,
>
> I think you completely missed the context of this statement. This type
> of attack on BitLocker would only work when it is used in "basic mode"
> (where the encrypted disk is mounted automatically without requiring a
> user to enter any secrets). It is not advisable to use BitLocker in
> the basic mode.
>
> A weak software implementation can not be used to undermine security
> provided by TPM or Seagate's Trusted Drive. TPM and the Trusted Drive
> are based on the specifications by the Trusted Computing Group.
>
> Saqib

Saqib,

I don't understand your statement.

First, the "basic mode" of BitLocker is the mode that Microsoft normally expects people to use, whether or not that makes much sense from a security perspective.

Second, even if the TPM were used to encrypt and store the FDE encryption key, and only provide it to the BitLocker software after a user has logged on, the AES encryption is still being done in software, and therefore the disk encryption key is exposed to the Princeton attack. There isn't a TPM chip on the planet that is fast enough to do the FDE encryption in hardware.

For that reason, a TPM module is no better than using an outboard encryption device, such as a CAC card or other encryption token. Like the CAC, the TPM chips I am familiar with only support RSA-1024, which is certainly not very strong. SPYRUS supports the encryption of an AES-256 key with ECC P-384 on our Rosetta chip, providing equivalent strength of mechanism. Even so, the AES key is still in software.

I am not up to speed on the details of the Seagate drive - maybe someone can post a URL to the detailed specifications? But to the best of my knowledge, it is not certified under FIPS 140-2, and the rumors I have heard indicate that it may never be, because of the difficulty of testing an ASIC with the encryption embedded in the disk controller function.

I would be interested to learn how the password is entered and protected, both with and without a TPM module present. Obviously, if the password is not scrubbed appropriately, or if it is accessible within the hardware without too much work, there is no great benefit to this approach.

Speaking only personally, if and when Seagate gets formal certification for FIPS 140-2 Level 3 or higher, I will be the first in line to buy one. If they only have level 2, or worse yet, no certification at all, then I consider it to be a draw compared to software FDE solutions, which don't require me to replace my existing hard drives.

Although the Princeton attack is certainly interesting, and well worth considering, I would be at least as concerned about the Simple Branch Prediction Analysis attacks, on two core machines, especially if a Guest account is enabled.

Powering down the machine, either with Hibernation or a complete Shutdown, and not letting it out of your possession for at least 15 minutes afterwards is sufficient to forestall the Princeton attack, so far as I know. But obviously, relying on a screen locker when the machine is unattended is probably not a good idea, unless you have a good lock on your door.

Robert Jueneman

_______________________________________________
FDE mailing list
http://www.xml-dev.com/mailman/listinfo/fde
