Security Basics mailing list archives
Re: Hard disk Encryption
From: Alexander Klimov <alserkli () inbox ru>
Date: Wed, 18 Apr 2007 11:51:26 +0300 (IDT)
On Tue, 17 Apr 2007, Ali, Saqib wrote:
> BitLocker supports 3 modes: Password/PIN, USB Key, or no-user-interaction. What you quoted above is the no-user-interaction mode. In this particular mode the hardware based attacks are possible. But in the case where some interaction is required (i.e. password or USB key) then the hardware attacks seem impossible.
If one stores their secret on a USB key (or they can remember an unguessable password) they don't need a TPM, thus the only reasonable cause for a system to use a TPM is if it is assumed that (at least in the majority of cases) the system will be used without external secret input. It is indeed the reasoning of the BitLocker authors:

  ... we expect that a large number of laptops will be used without PIN or USB key to avoid the need for user action on each reboot.
> You have taken a single mode of operation provided by BitLocker, and generalized to everything that uses TPM. That hardly seems fair.
I do not claim that every system that uses TPM is vulnerable to hardware attacks. Imagine a laptop that has a TPM and uses TrueCrypt with a USB key. Clearly, a hardware attack cannot reveal the key stored on USB memory (if it was not lost together with the laptop). What I claim is that if the system *strongly depends* on TPM, then a hardware attack will easily break it.

--
Regards,
ASK

P.S. Moderator, each time I send something to this list I receive five messages from donotreply () enterto com (on behalf of hastelltd, phonetellltd, sure2ltd, fone4u, and z77hallmark at enterto.com) that propose that I "confirm email sending". I also get a message from noreply () googlegroups com that I "do not have permission to post to group securityfocus2." I guess it would be a good idea to send a "do not reply" message and automatically unsubscribe everybody who replies.
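
The following is an added example, not part of the original message: a PowerShell audit that reports, for each BitLocker volume, which of the three modes discussed above it is configured for, so that volumes in the no-user-interaction (TPM-only) mode can be found. It assumes a current Windows system with the BitLocker PowerShell module (`Get-BitLockerVolume`), which postdates this 2007 thread; the function name `Get-UnlockMode` and the mode labels are made up for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: report how each BitLocker volume unlocks at boot.

function Get-UnlockMode {
    param([string[]]$ProtectorTypes)

    # A plain 'Tpm' protector releases the volume key with no user input.
    # Any other protector on the same volume does not change that, because
    # each protector can unlock the volume on its own.
    if ($ProtectorTypes -contains 'Tpm') {
        return 'TPM only (no user interaction)'
    }

    # TPM combined with a secret the user supplies at every boot.
    $tpmPlus = @($ProtectorTypes | Where-Object {
        $_ -in 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey'
    })
    if ($tpmPlus.Count -gt 0) {
        return 'TPM plus external secret (' + ($tpmPlus -join ', ') + ')'
    }

    # No TPM involvement: the secret lives only with the user or on a key file.
    if ($ProtectorTypes -contains 'Password' -or $ProtectorTypes -contains 'ExternalKey') {
        return 'External secret only (no TPM)'
    }

    # Only recovery protectors, or none at all.
    return 'No boot-time protector found'
}

Get-BitLockerVolume | ForEach-Object {
    # KeyProtectorType is an enum; convert to strings for simple comparison.
    $types = @($_.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    [pscustomobject]@{
        MountPoint = $_.MountPoint
        Protection = $_.ProtectionStatus
        Protectors = $types -join ', '
        UnlockMode = Get-UnlockMode -ProtectorTypes $types
    }
} | Format-Table -AutoSize
```

An `ExternalKey` protector can also be a recovery key or a data-volume auto-unlock key, so a volume reported as "External secret only" should be checked by hand.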