
LSS: Secure Boot

Posted Sep 23, 2012 22:32 UTC (Sun) by nix (subscriber, #2304)
In reply to: LSS: Secure Boot by raven667
Parent article: LSS: Secure Boot

Yeah. Because they'll never make any key management mistakes, there'll be no social engineering, no industrial espionage, no simple burglary -- after all, nobody at all has any reason to want to get hold of a bit of data which could kill huge numbers of Windows boxes at a stroke, no sir.

(Remember, the attackers only have to be lucky once.)



LSS: Secure Boot

Posted Sep 23, 2012 22:46 UTC (Sun) by hummassa (subscriber, #307) [Link] (2 responses)

YES, Please.

People imagining these schemes forget that crypto keys are leaked and recovered all the time IRL. And that if you are not a government, you can always use the wrench method. https://xkcd.com/538/

LSS: Secure Boot

Posted Sep 24, 2012 3:50 UTC (Mon) by raven667 (subscriber, #5198) [Link] (1 responses)

I'm sorry, are you asserting that Verisign and other major entities are leaking their root keys all the time? We're not talking about passwords for your disk encryption, we're talking about real professionally managed CAs. If some vendor's signing infrastructure were compromised to sign arbitrary binaries, like the DigiNotar incident, then that subroot can be blacklisted without affecting other vendors. The root has to sign so very few things that it has very little attack surface area.

LSS: Secure Boot

Posted Sep 24, 2012 8:41 UTC (Mon) by nix (subscriber, #2304) [Link]

Several major keys from various CAs have been compromised already: more will come. If this scheme really gets going, these keys will be a *major* target -- do you really imagine that nobody with sufficient resources to get a copy won't try? (Perhaps, if they are sufficiently clever and lucky, they might even arrange to get the *only* copy: that'd be amazingly useful to extort money from MS with, though very hard since I'm sure MS have lots of backups).

