Security quotes of the week

Posted Oct 3, 2013 3:00 UTC (Thu) by Cyberax (✭ supporter ✭, #52523)
In reply to: Security quotes of the week by eternaleye
Parent article: Security quotes of the week

That's still a toy. You are still going to get only a couple bytes worth of key data from this, so it can be brute-forced in a short amount of time by an attacker that can read your device hardware.


Security quotes of the week

Posted Oct 3, 2013 18:59 UTC (Thu) by nybble41 (subscriber, #55106)

You're never going to get users to memorize and enter a secure key as their unlock code, but there are ways around that. Assuming you have something like a TPM, have it generate and store a secure key and use that to encrypt everything. When locking the device, tell the TPM to disable the decryption key until presented with a valid unlock code. The TPM can enforce rate limits and wipe the key (or require a more secure form of unlock) if there are too many failures; even a four-digit code can be reasonably secure if attackers only get a handful of guesses. Bypassing the unlock screen would then mean bypassing the TPM, which requires not only extended physical access but extremely expensive and specialized tools and a few unusual skills.

Security quotes of the week

Posted Oct 7, 2013 10:47 UTC (Mon) by etienne (guest, #25256)

> store a secure key

If the secure key is stored, it can be read back - maybe using a completely different channel (external bus emulator), "they" won't even need to guess the 4-digit unlock code...

Security quotes of the week

Posted Oct 7, 2013 14:52 UTC (Mon) by nybble41 (subscriber, #55106)

> If the secure key is stored, it can be read back...

TPM chips are specifically designed to protect their secure memory from external access. There is no interface to read back the key; it is generated and used entirely within the TPM.

Sure, with unlimited physical access and the proper tools (like an electron microscope) you might be able to read the key from the raw silicon, or a defect in the implementation of the TPM could leak the key through changes in timing or power consumption. Either way you'd need to fully disassemble the device and employ tools rather more sophisticated than a mere external bus emulator.
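
A toy Python model of the scheme discussed in this thread, added here as an illustration and not code from any commenter or from a real TPM interface: the key is generated inside the store, there is no call that returns it, and a failure counter wipes it after too many wrong unlock codes. The class and function names are hypothetical, and Python object privacy only stands in for the hardware isolation a TPM provides.

```python
import hashlib
import hmac
import secrets

class KeyWiped(Exception):
    """Raised once the key has been destroyed by the failure limit."""

class SealedKeyStore:
    """Hypothetical model of a TPM-style key slot guarded by an unlock code."""

    def __init__(self, pin: str, max_failures: int = 5):
        self._key = secrets.token_bytes(32)   # generated inside, never returned
        self._salt = secrets.token_bytes(16)
        self._verifier = self._hash(pin)      # the code itself is not stored
        self._max_failures = max_failures
        self._failures = 0
        self._unlocked = False

    def _hash(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def lock(self) -> None:
        self._unlocked = False

    def unlock(self, pin: str) -> bool:
        if self._key is None:
            raise KeyWiped("key destroyed after too many failed unlocks")
        if hmac.compare_digest(self._hash(pin), self._verifier):
            self._failures = 0
            self._unlocked = True
            return True
        self._failures += 1
        if self._failures >= self._max_failures:
            self._key = None                  # wipe: protected data is unrecoverable
        return False

    def mac(self, data: bytes) -> bytes:
        """Use the key without exposing it (stands in for decrypt/unseal)."""
        if self._key is None:
            raise KeyWiped("key destroyed")
        if not self._unlocked:
            raise PermissionError("device is locked")
        return hmac.new(self._key, data, hashlib.sha256).digest()

def guess_success_probability(max_failures: int, pin_digits: int = 4) -> float:
    """Chance that distinct guesses hit the code before the wipe triggers."""
    return min(1.0, max_failures / 10 ** pin_digits)
```

With a four-digit code and a limit of five failures, `guess_success_probability(5)` gives 0.0005, which is the "handful of guesses" argument made above in numbers.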

