Hardware TPM Hacked
BiggerIsBetter writes "Christopher Tarnovsky has pulled off the 'near impossible' TPM hardware hack. We all knew it was only a matter of time; this is why you shouldn't entrust your data to proprietary solutions. From the article: 'The technique can also be used to tap text messages and email belonging to the user of a lost or stolen phone. Tarnovsky said he can't be sure, however, whether his attack would work on TPM chips made by companies other than Infineon. Infineon said it knew this type of attack was possible when it was testing its chips. But the company said independent tests determined that the hack would require such a high skill level that there was a limited chance of it affecting many users. ... The Trusted Computing Group, which sets standards on TPM chips, called the attack "exceedingly difficult to replicate in a real-world environment."'"
'near impossible'
Shouldn't that be 'near inevitable'?
Infineon said it knew this type of attack was possible when it was testing its chips.
Did they mention this in their marketing and when selling the TPM FUD to governments and companies?
"exceedingly difficult to replicate in a real-world environment."
Meaning only powerful criminal organizations, companies and governments can probably gather the
required resources and people with the expertise to pull it off? Out of 6.8 billion people, how
many have the resources to do this? 1000? 10,000? What about in 5 years?
At what point will they admit it's flawed? Probably when TPM2 is fully patented and ready.
http://en.wikipedia.org/wiki/Trusted_Platform_Module
I am a free slashdotter. I will not be modded, blogged, DRM'd, patented, podcasted or RFID'd. My life is my own.
Well that is the state of play according to TheInq http://www.theinquirer.net/inquirer/news/1591069/ex-army-bloke-us-ready-cyber-war
That near impossible = possible = bad security. The arrogance to think they are soooo smart and (almost) no-one will be able to crack their design. Well it only takes 1 person. But I am guessing about every secret service in the world already knew how to do this attack.
http://en.wikipedia.org/wiki/Trusted_Platform_Module
Civilization is the process of setting man free from men.
To encrypt something, you must have a 20-character password minimum to get 128-bit key strength. Nobody likes typing 20 characters, so TPM was invented. TPM stores your key on a separate chip. This chip only coughs up the key if you enter a short password to authenticate yourself to the chip.
The chip uses rate-limiting boot-delays to prevent brute-forcing of the password.
So the only way to get the key is to break the chip apart and look at the hardware somehow. The chips are usually encased in epoxy to make this hard to do. It's never been done before. Now it has... but it's still hard work.
TPM chips come on all business laptops these days, though few businesses make use of them. And they're still better than telling your users to memorize 20 char passwords (which they would just write down).
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
This one line changes things:
The new attack discovered by Christopher Tarnovsky is difficult to pull off, partly because it requires physical access to a computer.
You can't have a piece of hardware make your data safe forever. It only needs to be safe for as long as you use it.
This is my sig.
FTA "Using off-the-shelf chemicals, Tarnovsky soaked chips in acid to dissolve their hard outer shells. Then he applied rust remover to help take off layers of mesh wiring, to expose the chips' cores. From there, he had to find the right communication channels to tap into using a very small needle."
If the attacker has this much physical access to your system/data then you've lost LONG before the TPM chip failed.
When I saw TPM, the first thing I thought of was the CP/M variant that came with the Epson QX-10.
"But the company said independent tests determined that the hack would require such a high skill level that there was a limited chance of it affecting many users."
You're kidding me, right?
It is by my will alone my thoughts acquire motion; it is by the juice of the coffee bean that the thoughts acquire speed
So he did this by accessing the information in the chip's protected storage. Now that he has done this, does it let us get at the set of possible keys or anything that would allow a software solution to defeating these things?
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
Taking the chip apart is hard. Paying off somebody with access to the design documents is easy.
Go green: turn off your refrigerator.
In essence, what he seems to have done is open the chip to extract the keys (or data that allowed computing the keys).
All you need is a good source of Brownian Motion.
Seriously... We're reading about how Chinese baddies are doing this and that to gain access to secrets and whatnot and it seems like every few weeks some previously unbreakable form of encryption has been compromised. Maybe it's time to greatly reduce our dependency on the digital world to secure trade and state secrets. I mean... Laptops and phones are lost/stolen all the time, why would anyone in their right mind trust transporting state secrets on a flippin' laptop??? We all know it happens and we all know it's just a matter of time before something horrible happens because some high ranking official has his laptop stolen while playing "toe tap" in the bathroom stalls of some random airport.
Fifty watts per channel, baby cakes.
http://xkcd.com/538/
If the data is valuable enough to steal a computer and try to hack the TPM chip using acid and needles, then it's valuable enough to threaten the person with the password to divulge it.
It does not matter how hard it was/is.
This message of success will assure that many other outfits will have a try at it for various reasons.
It's the proverbial ghost out of the bottle.
Since using this technique involves reverse engineering the chip, this is a clear violation of the DMCA. So just find your local attorney and prosecute.
Problem solved. Nothing to see here, move along. Thanks for playing. :)
What do you expect access to "design documents" will help with?
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
While decapping chips is done all the time in failure analysis labs, it isn't easy, and it's even harder if you're trying not to damage the chip (or yourself) in the process.
Decapping usually involves concentrated nitric and/or sulfuric acids. Temperature control is important. You want to carefully dissolve the plastic without destroying the lead frame and/or the bonding wires going from the lead frame to the die. You also want to complete this process without losing any fingers or your eyesight -- highly concentrated acids. Rinse carefully with deionized water and test to make sure the chip is still functional.
Now you can feed the chip to your electron beam probe, FIB mill, or just take pretty pictures.
Not the kind of thing you're going to do in your kitchen!
This is a hardware hack (see title).
In order to hack it, you need to do some stuff with your hands, you need the physical device. You can't hand this to a script kiddie and he'll be breaking into the NSA in no time.
I don't think it's Infineon's responsibility for this "vulnerability" at all. You'd need to be someone within the same field as Christopher Tarnovsky, and someone with roughly as much knowledge. If you don't know who he is, look him up. He is pretty much at the top of his field.
This is like how your house is vulnerable because the lock on the front door can be picked by a lockpicking expert or locksmith. Yet - no one is complaining.
So, you want to go back to analog? Is that what you're saying?
Faster! Faster! Faster would be better!
And you'd think posters would try reading the article before sounding smarmy and dismissing the abilities of others. Funny that.
Given that the first step of the "attack" is physically dissolving the chip's outer packaging in an acid bath... I'm guessing this won't be showing up in script-kiddie toolchains any time soon.
Make sure to hand in your geek card on the way out.
Visit http://ringbreak.dnd.utwente.nl/~mrjb/growingbettersoftware to download your free copy of the book
This required physical access to the device. If you have unlimited physical access to any device, digital or analog, you will eventually be able to crack it, assuming you have the available resources. The key is to keep the bad guys from getting access in the first place, which isn't always possible. Even the best security has numerous weak points, like the security guards that only make $40K a year, or people that leave their devices unattended in public places.
Probably best to store all critical information on punch cards and secure them in a burn safe guarded by people that are already multi-millionaires.
I still cannot find the droids I am looking for...
I've been reading about this hack for days, but something seems fishy. Some of the earlier reports had him hacking the SLE 66 CL processor chip which is embedded in the TPM, not the TPM itself. This article also describes him as having to work with many copies of the chip to discover its secrets, but it has the chips being inexpensive ones from China. Problem is that Infineon is a German company and I don't think you can get Infineon TPMs cheaply from China. Putting this together, it's not clear to me that he has truly hacked an Infineon TPM. He may have hacked a similar chip and he assumes that the same attack would work on TPM.
However, there is a way for him to easily prove that he has done what he said. Every Infineon TPM comes with an RSA secret key embedded in it, called the Endorsement Key or EK. This key is designed to be kept secret and never revealed off-chip, not to the computer owner or anyone. And Infineon TPMs also come with an X.509 certificate on the public part of the EK (PUBEK), issued by Infineon. If Tarnovsky has really hacked an Infineon TPM and is able to extract keys, he should be able to extract and publish the private part of the EK (PRIVEK), along with the certificate by Infineon on that key. The mere publication of these two pieces of data (PRIVEK and Infineon-signed X.509 cert on PUBEK) will prove that his claim is true.
(http://theinvisiblethings.blogspot.com/2009/10/evil-maid-goes-after-truecrypt.html)
The hard part will always be taking the chip apart without destroying the data (or the ability to read the data).
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
20 character passwords aren't hard if you use a passphrase. They're just as easy to memorize (if not easier) and vastly more secure. The only reason I don't use them for everything is that some online services put a limit on maximum password length. It's not really any harder to type in 20 characters than it is to type in 8 if you're good at typing. I understand that people are lazy, but good security doesn't need to be a string of 20 random characters, numbers, and symbols that are difficult to remember.
ANY type of security will become crackable.
New Economic Perspectives
Wrong. Real encryption with real key management can be either impossible (OTP) or effectively-impossible (AES) for someone to get around, even if they have physical access to your machine.
You forget that humans are the weakest link. Torture the shit out of someone that knows the password, and you'll be home free.
This is my sig.
The entropy of a 20-character passphrase is much less than the entropy of a 20-character random password, actually.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
Indeed. One can't be totally certain (calculating entropy exactly is undecidable in general), but the entropy rate of English is approximately 1 bit per letter (give or take half a bit, so says Claude Shannon).
Assuming your passphrase is English, it would have to be somewhere around 30 words long to give 128 bits of security? That's essentially the entire first paragraph of this comment, a pretty long passphrase!
The Trusted Computing Group, which sets standards on TPM chips, called the attack "exceedingly difficult to replicate in a real-world environment."
Which means there will be a GPU app for it in a week, a device on thinkgeek that also turns off every TV in a tactical area in 2 weeks, and a breakout board from sparkfun in 3 weeks.
After details of the initial hard hack are made public, a circuit can be built to connect a circuit directly to the chip without having to disassemble the chip itself again (this was already done initially). Therefore, ***Buy/build this 10 minute circuit, clip pins 1 and 2 of transistor to chip pins x and z, and output to chip output pin y. Now you are always trusted (bypass this chip essentially).
1) take christopher's (from article) data about pinouts of chip, and design circuit to bypass.
2) sell readykit or circuit plans on intertubes
3) every script kiddy/foreign government/etc can simply pop the keyboard off a laptop, hook up the circuit, and start hacking away at whatever drive encryption is in use.
4) Déjà vu *example: Read contents of chip without removing from motherboard* - (http://www.llamma.com/xbox/Repairs/Reading_Xbox_Hdd_key.htm)
5) Profit!
No matter how quick the method gets, having to work with hydrofluoric acid with the target machine means it's a risky procedure, as in "do you like having bones in your fingers?". It's not something you can reduce to a script and rattle out. It's not going to scale well to multiple machines, either.
That in itself is an argument against obscuring this exploit, of course. No script kiddies were going to suddenly run out and apply this opportunistically, so the risk of releasing it is low to nonexistent. Frankly if you're going to encase the component in epoxy, the possibility of an eavesdropping hack is implicit.
No kidding!!! What do you say at this point?
What do you expect access to "design documents" will help with?
That way you know what kind of epoxy was used so to better disassemble it . . .
But seriously, like you said, "So the only way to get the key is to break the chip apart and look at the hardware somehow." Wouldn't the design documents be useful? Like schematics and EDA files, block diagrams, masks, engineering memos, or even the definition of the algorithm -- among other possible "design documents". Why wouldn't access to this information be helpful, given that physical access is? Gratuitous car analogy: You don't need to take my car apart if you have access to the plans.
I am not a crackpot.
Why not just use a SHA-1 hash of some arbitrarily large password or phrase, or whatever? That should take care of both problems.
It really only needs to be replicated once doesn't it?
If you're going to use a passphrase then you'll need much more than 20 characters to get 128 bits of entropy:
Considering that the entropy of written English is less than 1.1 bits per character, pass phrases can be relatively weak. NIST has estimated that the 23 character pass phrase "IamtheCapitanofthePina4" contains a 45 bit-strength.... Using this guideline, to achieve the 80 bit-strength recommended for high security (non-military) by NIST, a passphrase would need to be 58 characters long, assuming a composition that includes uppercase and alphanumeric. (Wikipedia)
To get 128 bits of entropy would require about 20 words. I don't know about you, but to me it seems that 20 non-obvious words would be about as hard to remember as 20 random characters, while being much less convenient to type.
"The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
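Putting numbers on the three estimates this thread argues over (random characters drawn from 96 symbols, English prose at about 1 to 1.1 bits per character, and words drawn uniformly from a list), as an added Go example that is not from the article or from any commenter. The 96-symbol alphabet, the per-character rates and the 7776-word list size are assumptions stated in the code; it reproduces the "20 random characters for 128 bits" figure and the 20-word and 30-word passphrase estimates above.

```go
package main

import (
	"fmt"
	"math"
)

// Entropy models used in the thread. The rates are assumptions taken from the
// comments above, not measurements:
//   - random password: each character drawn uniformly from 96 printable ASCII
//     symbols, log2(96) ~ 6.58 bits per character
//   - English prose: roughly 1.0 to 1.1 bits per character (Shannon's estimate)
//   - word-list passphrase: words drawn uniformly from a list; a hypothetical
//     7776-word (Diceware-sized) list gives log2(7776) ~ 12.9 bits per word
const (
	printableSymbols   = 96
	englishBitsPerChar = 1.1
	wordListSize       = 7776
)

func bitsPerRandomChar() float64 { return math.Log2(printableSymbols) }
func bitsPerListWord() float64   { return math.Log2(wordListSize) }

// RandomPasswordBits is the entropy of n uniformly random printable characters.
func RandomPasswordBits(n int) float64 { return float64(n) * bitsPerRandomChar() }

// EnglishPassphraseBits estimates the entropy of an n-character English phrase
// at the given per-character rate (1.0 or 1.1 in the thread).
func EnglishPassphraseBits(n int, bitsPerChar float64) float64 {
	return float64(n) * bitsPerChar
}

// WordListPassphraseBits is the entropy of k words drawn uniformly from the list.
func WordListPassphraseBits(k int) float64 { return float64(k) * bitsPerListWord() }

// unitsNeeded is the smallest whole number of units that reaches targetBits.
func unitsNeeded(targetBits, bitsPerUnit float64) int {
	return int(math.Ceil(targetBits / bitsPerUnit))
}

// RandomCharsFor: random printable characters needed to reach targetBits.
func RandomCharsFor(targetBits float64) int {
	return unitsNeeded(targetBits, bitsPerRandomChar())
}

// EnglishCharsFor: characters of English prose needed at the given rate.
func EnglishCharsFor(targetBits, bitsPerChar float64) int {
	return unitsNeeded(targetBits, bitsPerChar)
}

// ListWordsFor: uniformly chosen list words needed to reach targetBits.
func ListWordsFor(targetBits float64) int {
	return unitsNeeded(targetBits, bitsPerListWord())
}

func main() {
	for _, target := range []float64{80, 128} {
		fmt.Printf("%3.0f bits: %d random chars, %d English chars at 1.1 b/c, %d English chars at 1.0 b/c, %d list words\n",
			target, RandomCharsFor(target), EnglishCharsFor(target, 1.1),
			EnglishCharsFor(target, 1.0), ListWordsFor(target))
	}
	// The 23-character phrase in the NIST example quoted above was rated at 45
	// bits because of its capitals and digit; plain lowercase prose rates lower.
	fmt.Printf("23 chars of plain English ~ %.0f bits\n", EnglishPassphraseBits(23, englishBitsPerChar))
}
```

At 1.1 bits per character a 128-bit passphrase is 117 characters of prose, which at five or six characters per word is the "about 20 words" of the comment above; ten words chosen at random from a 7776-word list reach the same strength.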
[...] someone will eventually figure it out and implement software to do it automatically so any script kiddie can do it. Math -- crypto included -- is funny that way.
Did you read the article? The security of cryptography is based on the lack of an efficient algorithm to do things like factoring large numbers or computing discrete logarithms. This attack has nothing to do with any of that. It is about destroying the chip casing and eavesdropping on the circuitry of the hardware.
Somebody fixed The Phantom Menace? I'd like to see that.
Appended to the end of comments you post. 120 chars.
Really? You don't think that the CIA, KGB, or the intelligence agencies of China | Iran | Israel | Elbonia have managed it, ever?
The World Wide Web is dying. Soon, we shall have only the Internet.
Gratuitous car analogy: You don't need to take my car apart if you have access to the plans.
Unless, say, the thing you actually need from the innards of your car is the private key of the ignition system. Which isn't in the plans. So no, access to the plans doesn't really help at all, in this specific situation.
And they're still better than telling your users to memorize 20 char passwords (which they would just write down).
This is one of those "don'ts" I just don't get. I keep passwords written down, and in my wallet with my money and other things that are as important or more so than passwords. Plus I disguise them as other things, like phone numbers.
A post-it note on the monitor I agree is stupid, but in my wallet?
Free Martian Whores!
Well TPM is a relatively open standard. If you can find a fundamental flaw in the implementation, more power to you. That would be breaking TPM wide open, if accessible from the outside. This is akin to someone figuring out that all door locks from vendor X will open with a master key. Physically disassembling an IC, and tapping one of its logic lines is specialized work (even in hardware engineering), as done in the TPM case. This attack is akin to someone cutting down your door with a chainsaw, cutting open your door lock, and making a duplicate key from looking at the pins.
Why don't you have him just sign something with that public key signature rather than divulging the private key to the world?
Perhaps a signed copy of the Gutenberg Press release of Aesop's fables???
The Eagle and the Arrow
An Eagle was soaring through the air when suddenly it heard
the whizz of an Arrow, and felt itself wounded to death. Slowly
it fluttered down to the earth, with its life-blood pouring out of
it. Looking down upon the Arrow with which it had been pierced,
it found that the shaft of the Arrow had been feathered with one
of its own plumes. "Alas!" it cried, as it died,
"We often give our enemies the means for our own destruction."
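The proof-of-possession the two comments above disagree on (publish PRIVEK, or just sign something so the private key is never disclosed), as an added Go example that is not from the article, from any commenter, or from Infineon. A constructed vendor CA stands in for the chip maker, a freshly generated RSA key stands in for the Endorsement Key, and the verifier checks a signed nonce against the PUBEK carried in the vendor-issued certificate; every name and key here is an assumption generated inline, nothing comes from a real chip.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Constructed stand-ins (assumptions): "vendor" plays the chip maker that
// certifies EK public keys, "ek" plays a TPM's Endorsement Key. Every key is
// freshly generated here; nothing comes from a real chip.

// makeCert builds and signs a minimal certificate; parent == nil means self-signed.
func makeCert(serial int64, cn string, isCA bool, parent *x509.Certificate, pub *rsa.PublicKey, signer *rsa.PrivateKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		IsCA:                  isCA,
		BasicConstraintsValid: true,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// ProveEK: the holder of PRIVEK signs a verifier-chosen nonce; PRIVEK itself
// never leaves the claimant.
func ProveEK(privEK *rsa.PrivateKey, nonce []byte) ([]byte, error) {
	digest := sha256.Sum256(nonce)
	return rsa.SignPKCS1v15(rand.Reader, privEK, crypto.SHA256, digest[:])
}

// VerifyEKProof checks that the EK certificate chains to the trusted vendor CA
// and that the nonce signature verifies under the PUBEK inside that certificate.
func VerifyEKProof(ekCert, vendorCert *x509.Certificate, nonce, sig []byte) error {
	roots := x509.NewCertPool()
	roots.AddCert(vendorCert)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := ekCert.Verify(opts); err != nil {
		return fmt.Errorf("EK certificate not issued by trusted vendor: %w", err)
	}
	pub, ok := ekCert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return fmt.Errorf("EK certificate does not carry an RSA key")
	}
	digest := sha256.Sum256(nonce)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig)
}

// RunChallenge runs the exchange once with the genuine EK and once with a key
// the vendor never certified, returning whether each claimant was accepted.
func RunChallenge() (bool, bool, error) {
	vendorKey, errV := rsa.GenerateKey(rand.Reader, 2048)
	ek, errE := rsa.GenerateKey(rand.Reader, 2048)
	impostor, errI := rsa.GenerateKey(rand.Reader, 2048) // never certified by the vendor
	if errV != nil || errE != nil || errI != nil {
		return false, false, fmt.Errorf("key generation failed")
	}
	vendorCert, err := makeCert(1, "Example Vendor CA (constructed)", true, nil, &vendorKey.PublicKey, vendorKey)
	if err != nil {
		return false, false, err
	}
	ekCert, err := makeCert(2, "Example TPM EK (constructed)", false, vendorCert, &ek.PublicKey, vendorKey)
	if err != nil {
		return false, false, err
	}
	nonce := make([]byte, 32) // the verifier's fresh challenge
	if _, err := rand.Read(nonce); err != nil {
		return false, false, err
	}
	goodSig, errG := ProveEK(ek, nonce)
	badSig, errB := ProveEK(impostor, nonce)
	if errG != nil || errB != nil {
		return false, false, fmt.Errorf("signing failed")
	}
	genuineAccepted := VerifyEKProof(ekCert, vendorCert, nonce, goodSig) == nil
	impostorAccepted := VerifyEKProof(ekCert, vendorCert, nonce, badSig) == nil
	return genuineAccepted, impostorAccepted, nil
}
```

The verifier learns that the claimant holds the private half of a vendor-certified key pair without the private key ever being published, which is all the earlier comment's test actually needs.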
This is like how your house is vulnerable because the lock on the front door can be picked by a lockpicking expert or locksmith. Yet - no one is complaining.
If you consider that someone could pick up your house and take it with them, then pick the lock at their leisure to get at the contents, sure.
Unrestricted physical access in a world of laptops is becoming easier and easier.
upon the advice of my lawyer, i have no sig at this time
The attack is interesting, but it's actually beyond the scope of what the TPM was designed to do. The TPM is primarily intended to provide three services: 1) hardware root of trust at boot, 2) fast and secure cryptographic operations (including key storage), and 3) remote attestation. This attack focuses on the second service, as it is designed to extract the cryptographic keys that are supposed to be stored securely. Yes, the attack succeeds and it's interesting, but a lot of people are missing the big picture.
TPMs were never designed to withstand this type of attack. With regard to "secure storage," the goal was to do something better than just storing your keys on an insecure device like a HD. The reason that this notion of security is good enough is that the TPM was also designed to be inexpensive. Would anyone buy a new desktop if the price suddenly jumped up to $10,000 for a Pentium? So the hardware protection is just supposed to provide a reasonable amount of assurance for the average user. If you're looking at highly sensitive environments (e.g., military), you shouldn't be using a TPM. There are cryptographic co-processors out there that have more robust protections against these types of attacks, but they cost a lot more.
This is hacking like sawing your front door out from the frame is picking the lock. Yes, they got in.
Or, perhaps, like coming home from a trip, kicking in your front door in Cambridge, and having the neighbors watch in amusement. With any luck, none of them would call 911 and tell the police that someone is busting into the house next door. Likewise, you will be losing your PC or notebook, but you will have some time to change your network and online passwords etc, if you're paying attention and not bound and gagged in the cave next door. Your hard drive, however, is fair game. Truecrypt means never having to say 'what password'?
And you'll WISH they were the Cambridge police.
Of course, if they're serious, you're dead already.
deleting the extra space after periods so i can stay relevant, yeah.
Statements like "this is why you shouldn't entrust your data to proprietary solutions" make me wonder what I've been doing with my life.
Once in a while I'll forget my passwords or PIN numbers until I can get to a PIN pad or keyboard, where the muscle memory kicks in. Over time my passwords become stored as a series of movements, not characters.
It would have to be really really long. That itself is a problem.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
I have been researching on this hack for hours upon hours, and something just doesn't add up. Earlier reports were of him cracking the SLE 66 CL which is embedded in the TPM but is NOT the TPM itself. The chips he has been using are cheap ones from China. The issue at hand is that Infineon is a German company, just a little different from your run-of-the-mill Chinese company. When you sum these things up, you can't really surmise that he has in fact cracked the Infineon TPM. So what if he has hacked a similar chip? You can't just go around saying that you have cracked a top-of-the-line Infineon. Every chip is NOT created equally.
On the flip side, there is an easy way for him to prove me wrong. Every Infineon TPM comes with an Endorsement Key, basically an RSA secret key. The purpose of this key is that it should be kept secret and never realized off the chip, not to software, not to any other board component. Infineon TPMs come with X.509 certificates issued by Infineon. If Tarnovsky has truly hacked this one out, he should be able to extract and publish the private part of the Endorsement Key along with Infineon's certificate on that key. All that he has to do is show that he has these TWO pieces of data.
But is he up for it?
Let me fix that for you: You meant it has never been PUBLICLY RELEASED before.
If one guy working alone can manage to do it, the intelligence agencies of several nations did it a long time ago. And don't kid yourself, a TPM chip is nothing compared to the kind of hardened devices said agencies trust with their data.
At the physical level, data has to be in the clear somewhere. If you have the tools and the skill, an intrusive hardware attack against a single device is much less complicated than, say, cracking good crypto or finding a vulnerability that works on every device of that type.
Unless, say, the thing you actually need from the innards of your car is the private key of the ignition system. Which isn't in the plans. So no, access to the plans doesn't really help at all, in this specific situation.
I see what you mean, but the documents can still be quite useful. It's certainly useful to be able to build your own unit, perhaps even without the retry delay. Also, the Wikipedia article on TPM says that ". . . each TPM chip has a unique and secret RSA key burned in as it is produced, it is capable of performing platform authentication." If the design documents provide insight to how the keys are generated and assigned, perhaps you can reduce the complexity of guessing them. I assume it's not just a simple series of keys (1000, 1004, 1008, . . ., e.g.) but it's probably not completely random, either. Knowing something of the degree and nature of "non-randomness" could make a tough problem orders of magnitude less tough. Recall that when breaking the Enigma, Allied cryptanalysts learned (through espionage) that the keys could never contain the same character in the same position as the previous day's key. This limitation of randomness made their work a little easier.
And maybe you find the best gift of all: a back door.
I am not a crackpot.
Security: http://xkcd.com/538/
-dZ.
Carol vs. Ghost
Exactly, but it's not the manufacturer's responsibility to ensure you secure your laptops. Simple as that.
Why not? Try Python.
import acid
-dZ.
Carol vs. Ghost
The article (briefly) mentions that the Xbox uses the vulnerable Infineon TPMs. I wonder if this hack will make it any easier to find the Xbox 360's CPU key and thus make it easier to jailbreak a fully patched console?
"There are Israeli companies that have made a good living doing exactly that for many years now." Thank you for confirming the existence of the Jew World Order.
I used to go by the name BoyHowdy when I was hacking DTV, I made a small circuit that used 3 hcttl chips to glitch the H cards that were killed on Black Sunday. I can say that this guy is for real, arrogant or not.
Excellent points.
Do you know why a 20-character password is so hard? Because most systems limit passwords to 10 or 15 characters. Other than that, longer passwords are easier to remember.
Good, easy to remember, long passwords:
"This is my work computer and those IT jerks keep making me change my password"
"I hate this training system"
"My mother's maiden name is Johnson"
Most people can easily memorize their name, their address, the characters in their favorite sports movie, the last 5 coaches of their favorite sports team... those longer things are actually _easier_ to remember than a single word with no context.
I'm sorry, could you elaborate? I'm not really seeing why it would.
Each letter in a password is selected from 96 possibilities. Each letter in a passphrase is much more predictable than 1/96, though. There are only so many English words... far fewer than the number of words which could be made with combinations of 96 characters.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
When the computer is trying to protect its owner's secrets, the key should be in the owner's head, not stored in a chip.
Then attackers would just stick metal probes in your head after stripping it with acid.
Give me Classic Slashdot or give me death!
But if you are using the hash as a key, how is that relevant?
Because password-cracking software has the ability to compute hash values.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
http://hardware.slashdot.org/comments.pl?sid=1543104&cid=31076056
I have been researching on this hack for hours upon hours, and something just doesn't add up. Earlier reports were of him cracking the SLE 66 CL which is embedded in the TPM but is NOT the TPM itself. The chips he has been using are cheap ones from China. The issue at hand is that Infineon is a German company, just a little different from your run-of-the-mill Chinese company. When you sum these things up, you can't really surmise that he has in fact cracked the Infineon TPM. So what if he has hacked a similar chip? You can't just go around saying that you have cracked a top-of-the-line Infineon. Every chip is NOT created equally. On the flip side, there is an easy way for him to prove me wrong. Every Infineon TPM comes with an Endorsement Key, basically an RSA secret key. The purpose of this key is that it should be kept secret and never realized off the chip, not to software, not to any other board component. Infineon TPMs come with X.509 certificates issued by Infineon. If Tarnovsky has truly hacked this one out, he should be able to extract and publish the private part of the Endorsement Key along with Infineon's certificate on that key. All that he has to do is show that he has these TWO pieces of data. But is he up for it?
VS
http://hardware.slashdot.org/comments.pl?sid=1543104&cid=31077696
I've been reading about this hack for days, but something seems fishy. Some of the earlier reports [computerworld.com] had him hacking the SLE 66 CL processor chip which is embedded in the TPM, not the TPM itself. This article also describes him as having to work with many copies of the chip to discover its secrets, but it has the chips being inexpensive ones from China. Problem is that Infineon is a German company and I don't think you can get Infineon TPMs cheaply from China. Putting this together, it's not clear to me that he has truly hacked an Infineon TPM. He may have hacked a similar chip and he assumes that the same attack would work on TPM. However, there is a way for him to easily prove that he has done what he said. Every Infineon TPM comes with an RSA secret key embedded in it, called the Endorsement Key or EK. This key is designed to be kept secret and never revealed off-chip, not to the computer owner or anyone. And Infineon TPMs also come with an X.509 certificate on the public part of the EK (PUBEK), issued by Infineon. If Tarnovsky has really hacked an Infineon TPM and is able to extract keys, he should be able to extract and publish the private part of the EK (PRIVEK), along with the certificate by Infineon on that key. The mere publication of these two pieces of data (PRIVEK and Infineon-signed X.509 cert on PUBEK) will prove that his claim is true.
$100 says that this is damage control from Infineon by challenging Tarnovsky to something that they know, for whatever reason, he is unable to accomplish?
...and, confronted with the difficulty of remembering that many random words and their order, people would simply use common text like the preamble to the Constitution, lyrics from their favorite song, etc. Despite how unique we may fancy ourselves, our favorite paragraphs are probably significantly less unpredictable than six random characters.
"Convictions are more dangerous enemies of truth than lies."
Well, yes. Those who object to that are not thinking clearly about what kinds of attacks are possible on a password and what various security measures are meant to prevent. A 20 character password is supposed to slow down brute forcing the hash on the captured password file or the like. It's no more secure than a six character password on a "gun to the head" attack. If someone has physical access to my person, they have access to all my passwords, whether I wrote them down in a little black book I keep with me or not. If I failed to write them down, they need only wave a gun in my general direction and I'll happily write them down for them. Having them already written down simply saves a bit of time and unpleasantness...
"Convictions are more dangerous enemies of truth than lies."
Of course it has. So? You'd be as safe as your password, for which there can be some minimum (saner) length and character type requirements, and you get to use a password that you don't have to write down anywhere. No need for fancy chips. I'd call that a win.
By taking the last output, XORing it with a monotonic counter (a counter that just counts up) and encrypting again you get a new key. Generating an RSA key is a little more complex but that is a very simple way of getting a "completely random" number every time while keeping the odds of repeating a number very low.
More correctly, it helps find what you want, but you still need the physical access to get the key.
Not a sentence!
No, we need to switch over to using Johnny Mnemonics to carry our sensitive data.
Even in my earliest days, physical access to a box meant, my box. So to speak.
I'm not surprised that this system has been cracked. With sufficient knowledge of a system, with reasonable tools and physical access to a system, that system is likely to be compromised, plain and simple. This is a hardware hack, and I'm always fascinated with hardware hacks, bare metal hacks seem really cool; but I don't think they are "near impossible".
I applaud his hardware hack, but in light of the expectation of "near impossible", I'll be moving on to the next article.
It doesn't matter what hash is used. What matters is the number of combinations used to generate the key.
When you restrict yourself to combinations which form English words, you greatly reduce the number of possible combinations at a given length.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
Who said anything about this? ;)
That's what a "passphrase" is. If it's not a phrase, it's a password.
Aha, there's a weakness right there.
Just like someone can use a gun to force you to give up the PIN on your card...
Besides, what good is having a 20 character password if a 5 or 7 character password can unlock it?
TPMs are designed for three things: 1) establish a hardware root of trust for boot (i.e., make sure that you're actually booting your OS and not a rootkit first), 2) provide lightweight, secure and fast cryptographic operations (so you don't have to do something stupid like store a cryptographic key in plaintext on your HD), and 3) allow remote attestation of a computer's software stack.
(1) You can have a root of trust for your boot sector rather easily without a TPM: have the BIOS store a hash of the boot sector; have it warn the user when it changes (pre-boot), and have the boot sector update program tell the user the new hash so he can compare it against what the BIOS says whenever it changes.
(2) fast crypto just requires a hardware implementation of DES/AES/RSA/.... Secure private key storage if you are root---just encrypt your private key with a password and chmod go-r it. For non-root users, you lose: root can always read all of your files and kmem anyway.
(3) Remote attestation is fine, until youtube will only send you videos if you attest to run Windows XX which won't let you store the videos. At that point, your choice isn't just "secure or not", it's "youtube or freedom to control my own computer". Pile NYT, disney.com and a few other highly desirable (to some) websites, and the norm will become computers that their owners aren't in control of. At least that's something to fear.
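An added example (not code from the thread) that puts the two boot-integrity approaches discussed above side by side: the BIOS-keeps-one-hash scheme from point (1), and the extend-only register a TPM uses for its root of trust for boot. The boot sectors are constructed 512-byte byte strings, not real firmware, and the register logic is a plain SHA-256 model of the extend operation rather than any vendor's implementation.

```python
import hashlib

# Added example (not from the thread). Constructed 512-byte "boot sectors"; not real firmware.
GOOD_BOOT_SECTOR = b"\x00" * 440 + b"BOOT" + b"\x00" * 66 + b"\x55\xaa"
TAMPERED_BOOT_SECTOR = b"\xeb" + GOOD_BOOT_SECTOR[1:]   # a single changed byte

def measure(data: bytes) -> str:
    """SHA-256 of a boot component, hex encoded."""
    return hashlib.sha256(data).hexdigest()

def bios_check(stored_hash: str, boot_sector: bytes) -> dict:
    """The post's scheme: the BIOS keeps one reference hash and warns when the
    current boot sector hashes to something else. The reference itself must be
    writable only through a path the running OS cannot reach, otherwise whoever
    rewrites the boot sector simply updates the reference as well."""
    current = measure(boot_sector)
    return {"match": current == stored_hash, "stored": stored_hash, "current": current}

def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: PCR_new = H(PCR_old || H(component)). The register can
    only be extended, never set, so a sequence of measurements cannot be
    rewritten after the fact; the order of the stages is part of the result."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measured_boot(components: list) -> str:
    """Fold every boot stage into one register and return its final value."""
    pcr = bytes(32)  # registers start at all zeros
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr.hex()

if __name__ == "__main__":
    reference = measure(GOOD_BOOT_SECTOR)
    print("BIOS scheme, untouched sector:", bios_check(reference, GOOD_BOOT_SECTOR)["match"])
    print("BIOS scheme, tampered sector: ", bios_check(reference, TAMPERED_BOOT_SECTOR)["match"])
    # Constructed stand-ins for later boot stages.
    print("PCR, good chain:    ", measured_boot([GOOD_BOOT_SECTOR, b"bootloader", b"kernel"]))
    print("PCR, tampered chain:", measured_boot([TAMPERED_BOOT_SECTOR, b"bootloader", b"kernel"]))
```

The single-hash scheme covers exactly one component and depends on the stored value being tamper-proof; the extend chain covers every stage measured into it and yields a different value if any stage, or their order, changes, which is what remote attestation reports on.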
Yes, there are applications of TPMs for DRM, but that is a side effect and not a primary factor.
Yeah, your legs might fall off. Don't worry, that's a side effect and not a primary factor.
No, sorry. I don't want no (steenkeeng) DRM. I'll trust that the secret keys I store on my machines are kept secret from not-me, and use that for remote attestation (via ssh).
Because you STILL would only need to guess the PASSPHRASE. I explained this to you already.
You missed the point. A five character password can unlock a 128-bit key. But the password can't be guessed at the rate of a trillion per second: the hardware limits it to only a few tries per minute.
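The two threads of the password argument above, the entropy lost by restricting characters to English words and the effect of hardware rate limiting on a short passphrase, worked through numerically as an added example (not code from the thread). The trillion-guesses-per-second figure is the one quoted in the discussion; "a few tries per minute" is taken as 5 per minute, a constructed figure, and the 7776-word list size is the usual Diceware-style dictionary used here as an assumption for "words". The rate-limited column only holds while the key stays inside the chip, which is exactly what the hardware attack the story reports on removes.

```python
import math

# Added example (not from the thread). The trillion-per-second rate is quoted in the
# discussion; 5 guesses per minute and the 7776-word list are constructed assumptions.
OFFLINE_GUESSES_PER_SECOND = 1e12
RATE_LIMITED_GUESSES_PER_SECOND = 5 / 60
SECONDS_PER_YEAR = 365.25 * 86400

def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy in a uniformly random string of `length` symbols."""
    return length * math.log2(alphabet_size)

def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at the given guess rate."""
    return 2 ** bits / guesses_per_second / SECONDS_PER_YEAR

def compare_policies() -> dict:
    """Entropy and exhaustive-search time for several password shapes."""
    policies = {
        "5 random printable characters": entropy_bits(95, 5),
        "6 random printable characters": entropy_bits(95, 6),
        "20 random lowercase letters": entropy_bits(26, 20),
        # Roughly 20 letters long, but chosen as 4 words from a 7776-word list:
        # same length, far fewer possibilities, which is the point made above.
        "20 letters as 4 dictionary words": entropy_bits(7776, 4),
        "128-bit key": 128.0,
    }
    return {
        name: {
            "bits": round(bits, 1),
            "offline_years": years_to_exhaust(bits, OFFLINE_GUESSES_PER_SECOND),
            "rate_limited_years": years_to_exhaust(bits, RATE_LIMITED_GUESSES_PER_SECOND),
        }
        for name, bits in policies.items()
    }

if __name__ == "__main__":
    for name, row in compare_policies().items():
        print(f"{name:34s} {row['bits']:6.1f} bits  "
              f"offline: {row['offline_years']:.3g} yr  "
              f"rate-limited: {row['rate_limited_years']:.3g} yr")
```

Five random printable characters fall in a fraction of a second against an offline attacker holding the encrypted key, but take thousands of years at a few guesses per minute; a 20-letter string built from four dictionary words carries barely more than half the entropy of 20 random letters.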
You're on Slashdot, so you probably already know this.
Others might not so I'll post this linky and mention that it IS available on several torrent sites (and so is part 2).
Show them to your kids before they get to see the crap one that Lucas messed up.
Do not meddle in the affairs of geeks for they are subtle and quick to anger
You know what? Forget it.