--Apple-Mail-59-311568495
Content-Type: text/plain;
charset=US-ASCII;
format=flowed;
delsp=yes
Content-Transfer-Encoding: 7bit

>> You might want to take a look at eNova (http://www.enovatech.net/)
>> who are pointing at interesting hardware using their crypto
>> technology.

> =================
>
> the idea of closed-source hardware-based crypto disk drive may
> appeal to some, but i've seen too many similar things fail through
> stupidity, malice, etc.


Compared to in-core keys which have to stay there while the device is
mounted? Yeah. Great disadvantage.

> one probably wouldn't have to look hard for more examples of "secure
> hardware" that isn't secure.


I guess you never did a formal evaluation of you security relevant
subsystems anyway.

> there's just no way that hardware crypto can provide the peace of
> mind that open-source crypto does


Let's put it that way: There is no open source solution that doesn't
spill its beans too easily - key container and crypto engine should be
brought together close enough to force complete destruction of the
keys should anyone try to get access to them _or_ to the data path
between them. Just take a look at Apple's last failure in this regard
(the iPhone) and you'll see an example of "not close enough".

And no, I'm not talking about a mobile system, I'm more worried about
the case of physical security not being strong enough (like in the
case of governmental goons breaking down your doors or US customs and
immigration staff seizing running machines ["turn your machine on and
prove to us that it isn't a bomb... Thank you, now it's ours."] as
they have already done); emergency shutdown of all systems should
reliably render your data inaccessible.

The fact that British authorities lost four mobile computers with
masses of sensitive data (like a complete list of their military
reserve personnel including complete financial details) on their disks
since October 2007 rather makes me laugh - they don't deserve crypto
solutions but a good flogging with a bundle power cords.

Anyway: I don't completely trust any system where keys have to travel
across an unprotected bus. I'm still sad about TPMs not having made
their way at least into 99% of the server mainboards. Just take a look
at ISBN://978-0-7506-7960-2 (you just shouldn't completely hand over
the device to your friendly OS vendor) and ISBN://0-387-23916-2 (which
will prove your point - even IBM didn't follow the "think before
crypto" rule).

> (or maybe my tin-foil hat is too tight).


You got too close to Theo the Rat, that's all.

I guess we should take this off (at least *this* list). And tell me if
you want to read the books.


Achim Patzner


--Apple-Mail-59-311568495--