On Thursday 16 May 2002 10:05, you wrote:
One of the more important rules of security is that physical security is paramount - once a cracker has physical access to your machine he can do as near as dammit anything. Why bother trying to bypass a BIOS password when you can just remove the HD?
Which in a Thinkpad now has a password on it which is non-trivial to get around! I recommend Ross Anderson's book, Security Engineering, to anyone who has become interested in this seductive area. He writes excellently, speaks extremely well, and might under some circumstances lecture in Exeter outside University term time. The circumstances I expect would include money.
This is why companies such as IBM and nCipher are now producing Hardware Security Modules - basically a PCI card or drive-bay enclosure that is used to store key-pairs. These devices are generally tamper-resistant (or at least tamper-evident) and once you've put the keys into the box you *cannot* get them out. Keys can only be reloaded into a box if you have a certain number of smartcards that store key data.
You could attack them with an alarming variety of devices including the focussed ion beam workstation, which seems to be the nearest thing to magic yet devised. You can also attack them using analysis of fluctuations on their power lines, run them over a very short period in order to observe and infer what steps their processor is making, and in general waste an enormous amount of time on information that can commonly be beaten out of people at much less cost - advice: think hard before you become the person who controls things that are otherwise only accessible through an almost unbreakable code.

--
From one of the Linux desktops of Dr Adrian Midgley
http://www.defoam.net/

--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the message body to unsubscribe.