No signed kernel, just a signed boot loader
Posted Jun 25, 2012 7:56 UTC (Mon) by jzbiciak
(✭ supporter ✭
In reply to: No signed kernel, just a signed boot loader
Parent article: Details on Ubuntu's UEFI secure boot plan
Cryptography is an exception,...
That reminded me of this great chart Valerie Aurora once posted. Granted, that covers cryptographic hashes specifically, but I'd go so far as to suggest even cryptography is an arms race to some extent. Of course, practically, it's usually many orders of magnitude easier to attack the system around the cryptography than the cipher itself. (When it's not, it's because some genius decided to roll their own cipher, or someone installed a back door.)
A 256-bit AES key is theoretically secure beyond the heat-death of the universe, provided nobody finds a mathematical weakness in AES. But, if you can find a flaw in the key generation, an attack against the AES implementation, or some other flaw in the hardware, software or communication stack it's employed in, then you transform the problem back into a software/computer/network security problem and your point stands.
So don't mind me... I'm just being a little glib. Happens when I'm working overnight again. ;-)
to post comments)