User: Password:
|
|
Subscribe / Log in / New account

No signed kernel, just a signed boot loader

No signed kernel, just a signed boot loader

Posted Jun 22, 2012 20:53 UTC (Fri) by marcH (subscriber, #57642)
In reply to: No signed kernel, just a signed boot loader by cjb
Parent article: Details on Ubuntu's UEFI secure boot plan

http://www.schneier.com/blog/archives/2007/12/how_to_secu...

Computer security is hard. Software, computer and network security are all ongoing battles between attacker and defender. And in many cases the attacker has an inherent advantage: He only has to find one network flaw, while the defender has to find and fix every flaw.

Cryptography is an exception,...


(Log in to post comments)

No signed kernel, just a signed boot loader

Posted Jun 25, 2012 7:56 UTC (Mon) by jzbiciak (subscriber, #5246) [Link]

Cryptography is an exception,...

That reminded me of this great chart Valerie Aurora once posted. Granted, that covers cryptographic hashes specifically, but I'd go so far as to suggest even cryptography is an arms race to some extent. Of course, practically, it's usually many orders of magnitude easier to attack the system around the cryptography than the cipher itself. (When it's not, it's because some genius decided to roll their own cipher, or someone installed a back door.)

A 256-bit AES key is theoretically secure beyond the heat-death of the universe, provided nobody finds a mathematical weakness in AES. But, if you can find a flaw in the key generation, an attack against the AES implementation, or some other flaw in the hardware, software or communication stack it's employed in, then you transform the problem back into a software/computer/network security problem and your point stands.

So don't mind me... I'm just being a little glib. Happens when I'm working overnight again. ;-)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds