[11524] in cryptography@c2.net mail archive
Re: get a grip on what TCPA is for
daemon@ATHENA.MIT.EDU (John S. Denker)
Fri Aug 16 11:57:40 2002
Date: Thu, 15 Aug 2002 21:54:58 -0400
From: "John S. Denker" <jsd@monmouth.com>
To: bear <bear@sonic.net>
Cc: lynn.wheeler@firstdata.com, Joseph Ashwood <ashwood@msn.com>,
cryptography@wasabisystems.com
bear wrote:
>
> No tamper-reistant hardware can even start to compare
> with a simple BIOS change to keep the entire hard drive
> encrypted. Without the proper passphrase on bootup, you
> can't even tell what operating system is installed, let
> alone install a trojan.
If the hardware isn't tamper-resistant, the adversary
can just put in a slightly-less simple BIOS that
captures your passphrase the next time you use it. At
this point the game is pretty much over. You've lost.
As a general rule: If you don't have physical security,
you don't have security.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
