[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SHA-1 MBR
From: |
Alex Besogonov |
Subject: |
Re: SHA-1 MBR |
Date: |
Sat, 21 Feb 2009 04:21:02 +0200 |
T>his paranoid security talk is growing some big pink elephants which are
>being conveniently ignored: you people are trying to protect a HD within
>a computer that could be stolen, but you trust that the BIOS chip (in
>ROM and whatever you want), which performs the systems initialization
>(including RAM and the TPM) cannot be tampered with or even replaced.
The BIOS itself is checksummed and verified by the TPM. So a simple
reflashing won't work.
Please, don't think that all engineers who designed the TPM are complete idiots.
>When someone pointed the key-in-RAM problem the answer was "I'll just
>glue it with epoxy resin"! For crying out loud! Without taking into
>account that most epoxy resins take weeks to solidify under 100 ºC,
Uhm.. It takes about 8 hours for the resin with hardener to solidify
(speaking from experience).
>if the computer is physically stolen it could be subjected to EM-field
>analysis.
That's WAY more complex than just swapping chips.
Also, there's another small thing - I can just delete the key from my
key server, and then no amount of hacking will unlock hard drive. TPM
and other measures just buy time.
- Re: SHA-1 MBR,
Alex Besogonov <=