Re: Hard disk Encryption

[Alexander Klimov <alserkli () inbox ru>]

On Tue, 17 Apr 2007, Ali, Saqib wrote:
> BitLocker support 3 modes: Password/PIN, USB Key, or no-user-
> interaction. What you quoted above is the no-user-interaction
> mode. In this particular mode the hardware based attacks are
> possible. But in case where some interaction is required (i.e.
> password or USB key) then the hardware attacks seem
> impossible.

If one stores their secret on a USB key (or they can remember an
unguessable password) they don't need a TPM, thus the only
reasonable cause for a system to use a TPM is if it is assumed
that (at least in the majority of cases) the system will be used
without external secret input. It is indeed the reasoning of the
BitLocker authors:

    ... we expect that a large number of laptops will be used
    without PIN or USB key to avoid the need for user action on
    each reboot.

> You have taken a single mode of operation provided by
> bitlocker, and generalized to everything that uses TPM. That
> hardly seems fair.

I do not claim that every system that uses TPM is vulnerable to
hardware attacks. Imagine a laptop that has a TPM and uses
TrueCrypt with a USB key. Clearly, a hardware attack cannot
reveal the key stored on USB memory (if it was not lost together
with the laptop). What I claim is that if the system *strongly
depends* on TPM, then a hardware attack will easily break it.

-- 
Regards,
ASK


P.S. Moderator, each time I send something to this list I receive
five messages from donotreply () enterto com (on behalf of
hastelltd, phonetellltd, sure2ltd, fone4u, and z77hallmark at
enterto.com) that propose me to "confirm email sending".  I also
get a message from noreply () googlegroups com that I "do not have
permission to post to group securityfocus2." I guess it would be
a good idea to send a "do not reply" message and automatically
unsubscribe everybody who replies.