Security Basics mailing list archives
Re: Hard disk Encryption
From: "Ali, Saqib" <docbook.xml () gmail com>
Date: Tue, 17 Apr 2007 11:56:22 -0700
Alexander,
The TPM is not a cryptographic accelerator.
A cryptographic accelerator is different from a chip's ability to perform bulk cryptographic functions. But that is a different topic.
> ... vulnerability to hardware-based attacks seems fundamental for systems without user actions on boot. The cryptographic keys used to protect the confidential data must be available to the laptop during a normal boot, and can therefore be recovered by a hardware attack.

You have taken a single mode of operation provided by BitLocker and generalized it to everything that uses a TPM. That hardly seems fair. BitLocker supports 3 modes: Password/PIN, USB Key, or no-user-interaction. What you quoted above is the no-user-interaction mode. In this particular mode the hardware-based attacks are possible. But in cases where some interaction is required (i.e. password or USB key), the hardware attacks seem impossible. In fact the paragraph immediately following what you quoted states: "Stopping hardware attacks is possible, but requires the use of a token (e.g. USB key) and/or a user-memorized password or PIN. These options are fully supported by BitLocker, and they improve the security of the system."

saqib
http://www.full-disk-encryption.net
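As an added example (not part of the original thread), the following PowerShell classifies a volume's BitLocker key protectors into the three modes named above and flags operating-system volumes that rely on the TPM alone, i.e. the no-user-interaction mode the quoted paragraph describes. It assumes the BitLocker module's Get-BitLockerVolume cmdlet is available; the protector type names used are those the cmdlet reports.

```powershell
# Added example, not the project's own code. Maps BitLocker key-protector
# types to the boot modes discussed in the message: Password/PIN, USB Key,
# or NoUserInteraction (TPM-only, keys released without user input).
function Get-BitLockerBootMode {
    param(
        # Key protector type names as reported by Get-BitLockerVolume,
        # e.g. 'Tpm', 'TpmPin', 'TpmStartupKey', 'ExternalKey', 'RecoveryPassword'
        [Parameter(Mandatory)][string[]]$ProtectorTypes
    )
    # Protectors that demand a user-memorized secret at boot
    $secretBased = @('TpmPin', 'TpmPinStartupKey', 'Password')
    # Protectors that demand a token (startup key on USB) at boot
    $tokenBased  = @('TpmStartupKey', 'ExternalKey')

    if ($ProtectorTypes | Where-Object { $secretBased -contains $_ }) { return 'Password/PIN' }
    if ($ProtectorTypes | Where-Object { $tokenBased  -contains $_ }) { return 'USB Key' }
    if ($ProtectorTypes -contains 'Tpm')                              { return 'NoUserInteraction' }
    # RecoveryPassword alone (or nothing) does not unlock at boot
    return 'Unknown'
}

# Constructed sample inputs, to show the classification offline
Get-BitLockerBootMode -ProtectorTypes @('Tpm', 'RecoveryPassword')
Get-BitLockerBootMode -ProtectorTypes @('TpmPin', 'RecoveryPassword')

# Live audit of every operating-system volume on this machine (requires the
# BitLocker module). Volumes reported as NoUserInteraction are the ones the
# quoted hardware-attack caveat applies to; adding a PIN or startup key moves
# them into the modes the paper says stop such attacks.
if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    Get-BitLockerVolume |
        Where-Object { $_.VolumeType -eq 'OperatingSystem' } |
        ForEach-Object {
            $types = @($_.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
            $mode  = Get-BitLockerBootMode -ProtectorTypes $types
            [pscustomobject]@{
                MountPoint = $_.MountPoint
                Protectors = ($types -join ',')
                BootMode   = $mode
                Exposure   = if ($mode -eq 'NoUserInteraction') {
                                 'TPM releases keys with no user input at boot'
                             } else {
                                 'User secret or token required at boot'
                             }
            }
        }
}
```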