From: Achim Patzner <ap@bnc.net>
To: Atom Smasher
Cc: freebsd-hackers@freebsd.org
Subject: Re: Security Flaw in Popular Disk Encryption Technologies
Date: Wed, 27 Feb 2008 10:29:07 +0100
Message-Id: <91F98C79-91CC-45A0-9E96-B4FE7F38D727@bnc.net>
In-Reply-To: <20080227021221.61175.qmail@smasher.org>
References: <20080223010856.7244.qmail@smasher.org> <20080223222733.GI12067@redundancy.redundancy.org> <31648FC5-26B9-4359-ACC8-412504D3257B@bnc.net> <47C345C9.8010901@geminix.org> <9111966B-DB9C-41E3-9D30-168D668585A9@bnc.net> <20080227021221.61175.qmail@smasher.org>
List-Id: Technical Discussions relating to FreeBSD (freebsd-hackers@freebsd.org)
>> You might want to take a look at eNova (http://www.enovatech.net/)
>> who are pointing at interesting hardware using their crypto
>> technology.

> =================
>
> the idea of closed-source hardware-based crypto disk drive may
> appeal to some, but i've seen too many similar things fail through
> stupidity, malice, etc.

Compared to in-core keys which have to stay there while the device is
mounted? Yeah. Great disadvantage.

> one probably wouldn't have to look hard for more examples of "secure
> hardware" that isn't secure.

I guess you never did a formal evaluation of your security-relevant
subsystems anyway.

> there's just no way that hardware crypto can provide the peace of
> mind that open-source crypto does

Let's put it that way: There is no open source solution that doesn't
spill its beans too easily - key container and crypto engine should be
brought together close enough to force complete destruction of the keys
should anyone try to get access to them _or_ to the data path between
them. Just take a look at Apple's last failure in this regard (the
iPhone) and you'll see an example of "not close enough".

And no, I'm not talking about a mobile system; I'm more worried about
the case of physical security not being strong enough (like in the case
of governmental goons breaking down your doors or US customs and
immigration staff seizing running machines ["turn your machine on and
prove to us that it isn't a bomb... Thank you, now it's ours."] as they
have already done); emergency shutdown of all systems should reliably
render your data inaccessible.

The fact that British authorities lost four mobile computers with
masses of sensitive data (like a complete list of their military
reserve personnel including complete financial details) on their disks
since October 2007 rather makes me laugh - they don't deserve crypto
solutions but a good flogging with a bundle of power cords.

Anyway: I don't completely trust any system where keys have to travel
across an unprotected bus. I'm still sad about TPMs not having made
their way at least into 99% of the server mainboards. Just take a look
at ISBN://978-0-7506-7960-2 (you just shouldn't completely hand over
the device to your friendly OS vendor) and ISBN://0-387-23916-2 (which
will prove your point - even IBM didn't follow the "think before
crypto" rule).

> (or maybe my tin-foil hat is too tight).

You got too close to Theo the Rat, that's all.

I guess we should take this off (at least *this* list). And tell me if
you want to read the books.

Achim Patzner