From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1LaoOG-00075z-8P for mharc-grub-devel@gnu.org; Sat, 21 Feb 2009 04:43:20 -0500 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1LaoOD-00075s-RQ for grub-devel@gnu.org; Sat, 21 Feb 2009 04:43:17 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1LaoOD-00075g-C3 for grub-devel@gnu.org; Sat, 21 Feb 2009 04:43:17 -0500 Received: from [199.232.76.173] (port=39663 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1LaoOD-00075d-6M for grub-devel@gnu.org; Sat, 21 Feb 2009 04:43:17 -0500 Received: from fg-out-1718.google.com ([72.14.220.156]:34872) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1LaoOC-0008VH-Mo for grub-devel@gnu.org; Sat, 21 Feb 2009 04:43:17 -0500 Received: by fg-out-1718.google.com with SMTP id l27so1620253fgb.30 for ; Sat, 21 Feb 2009 01:43:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; bh=Gzu3Mq3+TZROR7bj9lN0/EKQF1CUG/PmhcdlbB1/OL0=; b=h+UCvwSsEuDf6FIeQZGfDPdVAvtVoZUHsAvCzf7OQ9O0ixJW4Tk32NRUcorTuDrvVl VQKJmJ79AbtMR4sgezqq8i59X3lemvSzYWmkMKYjU5Xt8kXBahBLoject1N6TTt7NiM+ DAUMVRMmkqLTVzLg4u8Jbfr+4A75z+U+/qJ/o= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; b=S4toJ/bHLKgM1NVMH6U5AqMBwTNubBC8a2JKpeDfFnuBLlwsxoqx3IqwEz1EG2rkOl jg6IZqMQPimiYUAGf9qOBpyRKfWfPCvCaOKaAxo/GctH1/5p8WBkjVDpPoH40MegjAt3 7AXBmHztvKgJq/VrHerkgpAU4h6aJHeqgazmA= Received: by 10.86.99.9 with SMTP id w9mr1588965fgb.31.1235209395364; Sat, 21 Feb 2009 01:43:15 -0800 (PST) Received: from ?192.168.1.25? (166-90.62-81.cust.bluewin.ch [81.62.90.166]) by mx.google.com with ESMTPS id l12sm4402218fgb.51.2009.02.21.01.43.14 (version=SSLv3 cipher=RC4-MD5); Sat, 21 Feb 2009 01:43:15 -0800 (PST) Message-ID: <499FCCB2.7000303@gmail.com> Date: Sat, 21 Feb 2009 10:43:14 +0100 From: phcoder User-Agent: Thunderbird 2.0.0.19 (X11/20090105) MIME-Version: 1.0 To: The development of GRUB 2 References: <499F25B0.8000202@gmail.com> <499F3FB9.9070304@gmail.com> <499F4B86.2000904@student.ethz.ch> <200902202002.12963.ml@isaac.cedarswampstudios.org> <1235179301.27212.10.camel@localhost> In-Reply-To: <1235179301.27212.10.camel@localhost> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 2) Subject: Re: SHA-1 MBR X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: The development of GRUB 2 List-Id: The development of GRUB 2 List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Feb 2009 09:43:17 -0000 I agree that these measures aren't here to protect against serious cryptanalyst. Actually there is a way which is even in my reach to crack it. I would buy: pci firewire card $10 Then I would download firewire debug tools and put pci card into target computer then wait that it boots and dump the whole memory (a bug in many firewire implementations allows to do it). Then the key can be easily found in this dump. However the first question of security is -What are the threats faced? (Bruce Schneier "Beyond Fear") Classical cryptography works under some assumptions and this scheme is totally unsecure under these assumptions. However I recognise that it can be useful in some cases. Regards Vladimir 'phcoder' Serbinenko Javier Martín wrote: > El vie, 20-02-2009 a las 20:02 -0500, Isaac Dupree escribió: >> Jan Alsenz wrote: >>> Yes, that was my point. You need a trusted first step. >>> But the only thing besides a TPM, that can be used for this is the BIOS, >>> which can be flashed. >>> And even, if we assume, that we can construct a BIOS that only boots if the >>> MBR hash matches and can not be flashed prior to this point, there are >>> still two points missing: >>> - After the system has started, the BIOS could be flashed. This is a very >>> possible scenario in a multi user environment. >>> - They could take out the disk and put it in another machine, tamper with >>> the boot code and switch it on. And all your protection is gone. >>> Ok, you could try to put a needed key in the BIOS too, but then we're >>> back to problem one - and the BIOS can not check if a request for the key >>> is valid. I'm not even sure, if something in the BIOS can be read >>> protected. >> BIOS could be in ROM, un-flashable, including hash/keys and all! Refuse to >> boot if the hash doesn't match! Admittedly this poses some limitations on >> whether the system can be upgraded, depending how sophisticated you want to >> be. > > This paranoid security talk is growing some big pink elephants which are > being conveniently ignored: you people are trying to protect a HD within > a computer that could be stolen, but you trust that the BIOS chip (in > ROM and whatever you want), which performs the systems initialization > (including RAM and the TPM) cannot be tampered with or even replaced. > When someone pointed the key-in-RAM problem the answer was "I'll just > glue it with epoxy resin"! For crying out loud! Without taking into > account that most epoxy resins take weeks to solidify under 100 ºC, if > the computer is physically stolen it could be subjected to EM-field > analysis. What will be the next madness? Will you wrap every RAM module > in tinfoil, a-la Faraday cage? Will you build a plasma shield around > them? This is going way out of proportion: with non-interactive key > initialization, if the computer is stolen, you are screwed period, > because you have a Mallory-on-steroids-holding-Alice-ransom instead of a > tame Eve. It does not take a rocket scientist (what I'm studying) nor a > cryptographer (one of my hobbies) to notice! > > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Grub-devel mailing list > Grub-devel@gnu.org > http://lists.gnu.org/mailman/listinfo/grub-devel