On Sep 18, 2007, at 19:44:59, Satyam Sharma wrote:
Security is about fractional reduction of risk, and anybody who tells
you otherwise is either ignorant or lying through their teeth. There
are *multiple* aspects of "physical access"; one of those is access
while the box is off and no data resident in volatile memory, which
is the easy case. Basically there you can just encrypt the non-
volatile storage. If the system is *on* and has unencrypted data in
memory (such as suspend-to-RAM for example) then you *HAVE* to ensure
that it can't be easily disassembled and a hardware debugger
attached; there is no way around that very fundamental limitation.
Basically if the key is resident and unencrypted as is necessary to
*USE* the system, then no amount of hardware is going to *prevent* a
dedicated attacker from getting at it unless you make it so
unportable that you don't have to worry about somebody carrying it
off in the first place. Typical mechanisms to increase the time and
effort to break into a device include wiring the entire enclosure
with extremely thin filament wires and detecting automatically wiping
the system upon any variation in a small flow of current through said
filament.
Ok, so you are saying your plan of attack on this system would be:
1) Steal the laptop such that I don't notice it has been stolen
2) Open it up
3) Replace the very-vendor-specific BIOS chip with a reflashed
one with sufficient storage to do all the things the old BIOS could
*AND* have enough storage for an entire replacement kernel binary
with a built-in keylogger, as well as some storage for the logged
password
4) Return the laptop, again such that I don't notice it has been
missing
5) Wait for me to boot and type my password
6) Somehow recover the laptop *yet* *again* to get the password
back off of it and decrypt the disk
Yes it "can be done", but so can dumping the firmware for an iPod out
through the built-in piezo clicker[1]. USE SOME COMMON SENSE HERE
PEOPLE!!! The only "unbreakable" computer is one always disconnected
and off under armed guard in a bank vault, and even then it's only as
secure as the bank in which it is stored (which get broken into on
occasion).
I am assuming that if the laptop has sufficiently important data on
it to warrant the above steps then I am also clueful enough to:
(A) Not carry the laptop around unsecured areas,
(B) Keep a close enough eye on it and be aware that it's gone by
the time they get to step 2, OR
(C) Pay somebody to build me a better physical chassis for my laptop
We are talking about *STANDARD* laptop systems with reasonably alert
users. If the user doesn't know how to properly protect the stuff on
the laptop then they probably don't know how to properly protect the
other copy in their heads, either. Besides, if some government
wanted the data on your laptop that bad they'd just pick you up in
the middle of the night and torture your password out of you.
On Sep 18, 2007, at 19:48:16, Satyam Sharma wrote:
If your system equates end-user with attacker then you are *screwed*
regardless! If you give the end-user the tools that they need to use
the system, then they can just as easily hack into it, *END* *OF*
*STORY*. See The _only_ way to protect data on a piece of hardware
is with the _assistance_ of the end-user; they have to be alert and
aware of potential threats and act to protect from them.
Cheers,
Kyle Moffett
[1] http://hardware.slashdot.org/article.pl?sid=05/01/29/2017244
-
