1 |
On Sat, Feb 20, 2016 at 5:55 AM, lee <lee@××××××××.de> wrote: |
2 |
> Rich Freeman <rich0@g.o> writes: |
3 |
> |
4 |
>> develop. (Before somebody points out LUKS, be aware that Bitlocker |
5 |
>> lets you do full-disk encyption that is secure without having to |
6 |
>> actually type a decryption key at any point. Remove the hard drive or |
7 |
>> boot from a CD, and the disks are unreadable - you can only read them |
8 |
>> if you boot off them on the original PC.) |
9 |
> |
10 |
> And how do you read the disks when this original machine is broken? |
11 |
> |
12 |
|
13 |
Well, in general you still want to have backups. I believe many of |
14 |
these sorts of solutions do let you escrow a key elsewhere. |
15 |
|
16 |
> It doesn't seem very secure, either. When your laptop that uses |
17 |
> Bitlocker gets into the wrong hands, whoever has it can read the disks. |
18 |
|
19 |
Kinda-sorta. They can boot the machine, but now they're stuck at a |
20 |
login prompt. In order to extract data from the computer they need to |
21 |
defeat password-throttling, the kernel, and so on. They have to go |
22 |
through the front-door. The main protection is against offline |
23 |
password cracking/etc. |
24 |
|
25 |
I'd think the biggest vulnerability of something like Bitlocker would |
26 |
be against direct memory attacks. I assume that the session keys are |
27 |
stored in RAM - I can't imagine that all drive reads/writes are |
28 |
streamed through the TPM. So, extracting the keys from RAM after |
29 |
bootup would be the biggest risk. If the user data is encrypted using |
30 |
user-entered passwords you're still going to have all the security of |
31 |
a LUKS-like solution but with the advantage of rate limiting of |
32 |
attacks. |
33 |
|
34 |
In ChromeOS they took a different approach. They use UEFI secure boot |
35 |
to protect the OS, and then encrypt user data using a key derived from |
36 |
the user's password and the TPM, using the TPM to rate-limit attacks. |
37 |
In this design only the user's private data is protected from reading, |
38 |
but to crack it they still have to boot the system normally and go |
39 |
through the front door. There is no way to offline-crack the user's |
40 |
weak hand-entered password. They either need to send that password |
41 |
through the TPM (I'm not sure if they can do that offline or not - |
42 |
probably they can, but it is still rate-limited by the TPM itself), or |
43 |
they need to directly brute-force the AES key which is of course |
44 |
impractical. |
45 |
|
46 |
The problem with LUKS is that it doesn't do anything to rate-limit |
47 |
attacks since there is no hardware component to it. Of course it is |
48 |
designed to make attacks more expensive using multiple rounds/etc to |
49 |
make up for the weakness of memorized passwords. |
50 |
|
51 |
-- |
52 |
Rich |