Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive


[Discuss] Server/laptop full-disk encryption

> From: Bill Bogstad [mailto:bogstad at]
> It seems like
> whenever people start talking about computer security, there is a
> tendency to shoot for the maximum theoretically possible.  We don't do
> that when it comes to our cars or homes, but it does with computers.

Along a similar vein - There was formerly a FAQ on TrueCrypt's website about the TPM.  They said something like "Using the TPM is the best sure way to guarantee you have no security.  We refuse to work with the TPM."  I recognize the grain of truth in there - that using the TPM and BitLocker first of all guarantees that the "$5 wrench" technique of extracting a password from the user is sure to be effective (there is no plausible deniability), and second of all, if we assume that Intel or the NSA or whoever has backdoored the TPM, then there's another technique to extract the info.

However, the place where I disagree with TrueCrypt is here:  When I deploy BitLocker, I am not deploying a system intended to thwart the NSA.  I am deploying a system intended to thwart laptop thieves from retrieving the company financial data, credit card database, product design files, etc. which are valuable on the black market.  I have actually worked at a chip company before, where we discovered our own product was pirated and sold on the black market.  One of our sales reps went to a meeting in Taiwan, and in that meeting they asked us, "Why should we buy your product when we could get the same thing from these other guys?"  And they proceeded to show us our own slides with some other company's logo on them.

To protect against this type of attack, no, we do not need 256 bit, or even 128 bit.  To protect against this type of attack, the mere existence of a password prompt is probably sufficient - even if your password is "baby" but probably not if your password is "password."

It's nice to eliminate the hassle of entering two passwords every time.  I'm strongly in favor of using the TPM for everyday security, even if the NSA might have backdoored them all.  You want something to thwart the NSA?  You need plausible deniability.

BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
