Re: Hard disk Encryption

[Alexander Klimov <alserkli () inbox ru>]

On Thu, 19 Apr 2007, Ali, Saqib wrote:
> a TPM identifies a machine

TPM has a goal not only to identify a machine, but also to
identify software that is currently executed by the machine. An
attacker cannot unseal data if they do not have access to the
TPM that sealed it; but if an attacker has the TPM and hardware
tools, they can lie to TPM about the current state of the CPU
and unseal the data.

> For a reasonably secure system you need both user
> identification and machine identification.

Remember that we are discussing "hard disk encryption". How
often an attacker gets a disk but does not get the only computer
that can decrypt it? It is not the case for laptops, and even
for portable storage it would be quite odd. That is in my
opinion "machine identification" is almost useless for hard disk
encryption.

> I think we should close this discussion for right now, until
> an attack can be demonstrated on the TPM itself, rather then
> improper implementations of the technology.

The attack I described does not need to break "the TPM itself,"
it feeds TPM with false information (supposedly coming from the
CPU) and asks it to unseal data.

-- 
Regards,
ASK