On Sat, April 29, 2006 14:20, [EMAIL PROTECTED] wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Benno: >> On Fri Apr 28, 2006 at 20:18:15 +1000, Malcolm V wrote: >> >On Friday 28 April 2006 19:55, Adam Bogacki wrote: >> ><snipped> >> >> http://www.theregister.co.uk/2006/04/27/schneier_infosec/ >> > >> >Call me cynical (or stupid), but software cannot offer hardware based >> >encryption. Sure, a piece of software can make use of hardware based >> >features, as can other pieces of software. >> >> No, I'll just call you smarter than John Leydon :). >> >> BitLocker is software. It uses the TPM hardware to verify the boot >> process. (I'm trying to get more information on that.) > > There's an awful lot of manufacturers selling "hardware RAID" cards > that have nothing on the card except a CPU and and EEPROM. Usually > not a terribly fast CPU (after all RAID-5 requirements are not much > more than basic block handling and a fast parity algorithm). > > Yes I'm looking at you Compaq... and you too IBM. > > > Getting back to the topic, I believe that it is possible for a system > to detect whether it has been chain-loaded from some other bootloader > and then refuse to run if it detects this. The system only works off > the officially sanctioned bootloader and this bootloader never boots > anything else -- no more dual boot. Probably makes it harder to use > MS libraries in wine, also might kill Xen, VMware and all those handy > tools that give you a chance to make a few MS-Windows licenses go a > long way... > > Suppose (for example) that any piece of hardware on the system contains > consistent (but unknown) state at boot time and will have this state > shuffled by the boot process (e.g. a CRC of the boot sector plus some > secret internal machine ID). Further suppose that such hardware allows > you to perform cryptographic operations based on the hardware state but > did not allow you to discover what the state was. You could now use this > hardware to encrypt the hard drive in such a way that another system > would have great difficulty emulating the process (booting the other > system always corrupts the hardware state and not enough internal > information is available to emulate the device to rebuild the > correct state). I would guess that TPM hardware contains the necessary > ingredients. > > Does this give any better security than a well-known encryption algorithm > (e.g. AES) plus a passphrase plus a key device (e.g. USB, etc)? No it > doesn't, it is probably worse because if your motherboard chip dies > you won't be able to recover your data on a different motherboard. > That means you have to have an unencrypted backup which in turn becomes > the weak point. > > This is all my supposition... with nothing other than gut feeling to > back it up. I guess we will find out when the time comes. >
I think you hypothesis is sound, but I also think the consequences are more dire than you imagine since the TPM hardware is likely to be part of the motherboard, and if *any* component on the mobo fails, necessitating a swap out, then your data is shafted, and given the propensity for mobos to die... -- Howard LANNet Computing Associates <http://lannet.com.au> When you want a computer system that works, just choose Linux; When you want a computer system that works, just, choose Microsoft. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
