|
|
Subscribe / Log in / New account

LSS: Secure Boot

LSS: Secure Boot

Posted Sep 23, 2012 21:37 UTC (Sun) by raven667 (subscriber, #5198)
In reply to: LSS: Secure Boot by nix
Parent article: LSS: Secure Boot

I think you underestimate how easy defense is compared to offense when protecting keys. Any individual subroot can be revoked and replaced via a secure update, the root key hardly ever needs to be used and can be kept offline and safe against anything short of a Mission Impossible type attack.

to post comments

LSS: Secure Boot

Posted Sep 23, 2012 22:32 UTC (Sun) by nix (subscriber, #2304) [Link] (3 responses)

Yeah. Because they'll never make any key management mistakes, there'll be no social engineering, no industrial espionage, no simple burglary -- after all, nobody at all has any reason to want to get hold of a bit of data which could kill huge numbers of Windows boxes at a stroke, no sir.

(Remember, the attackers only have to be lucky once.)

LSS: Secure Boot

Posted Sep 23, 2012 22:46 UTC (Sun) by hummassa (subscriber, #307) [Link] (2 responses)

YES, Please.

People imagining these schemes forget that crypto keys are leaked and recovered all the time IRL. And that if you are not a government, you can always use the wrench method. https://xkcd.com/538/

LSS: Secure Boot

Posted Sep 24, 2012 3:50 UTC (Mon) by raven667 (subscriber, #5198) [Link] (1 responses)

I'm sorry, are you asserting that Verisign and other major entities are leaking their root keys all the time? We're not talking about passwords for your disk encryption, we're talking about real professionally managed CAs. If some vendors signing infrastructure were compromised to sign arbitrary binaries, like the DigiNotar incident, then that subroot can be blacklisted without affecting other vendors. The root has to sign so very few things that it has very little attack surface area.

LSS: Secure Boot

Posted Sep 24, 2012 8:41 UTC (Mon) by nix (subscriber, #2304) [Link]

Several major keys from various CAs have been compromised already: more will come. If this scheme really gets going, these keys will be a *major* target -- do you really imagine that nobody with sufficient resources to get a copy won't try? (Perhaps, if they are sufficiently clever and lucky, they might even arrange to get the *only* copy: that'd be amazingly useful to extort money from MS with, though very hard since I'm sure MS have lots of backups).


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds