tag:blogger.com,1999:blog-2592963471313037101.post1869598792422298622..comments2023-05-26T15:01:53.232+00:00Comments on Peccavi: Full Disk Encryption DRAM AttackJoe Mansfieldhttp://www.blogger.com/profile/07059738053649361313noreply@blogger.comBlogger3125tag:blogger.com,1999:blog-2592963471313037101.post-81242293464485311422008-03-05T21:45:00.000+00:002008-03-05T21:45:00.000+00:00Ahead of the game as ever, Joe - from the BBC, 10 ...Ahead of the game as ever, Joe - from the BBC, 10 days later...<BR/>http://news.bbc.co.uk/2/hi/technology/7275407.stmUnknownhttps://www.blogger.com/profile/06409678320002369770noreply@blogger.comtag:blogger.com,1999:blog-2592963471313037101.post-56770367125124666332008-02-22T22:07:00.000+00:002008-02-22T22:07:00.000+00:00TPM modules do what they were designed to do very ...TPM modules do what they were designed to do very well, I hope I didn't come across as implying otherwise. Hardware authentication is vastly superior to any software implementation and I'm a major fan, especially for situations where strong authentication is concerned. TPM's don't handle the encryption\decryption loads for VPN's (or SSL for that matter) so in memory attacks against the session keys for such things might be possible using a similar attack but it would be a dramatically harder trick to pull off.<BR/>Seagate's Secure DriveTrust hard drives seems to be a good answer but I haven't seen any significant independent security analysis of it so it may be very good but then there is a chance that it's not. NIST have certified the AES engine that they use so that's good but that doesn't appear to say anything about how the firmware handles key storage and that is where the software FDE products have been proven to be vulnerable. It would be interesting to get a good technical analysis of how it works. <BR/>It's interesting times for anyone working in the FDE field though.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-2592963471313037101.post-54652813888158489292008-02-22T21:06:00.000+00:002008-02-22T21:06:00.000+00:002 commentsFist the TPM does an excellent job of pr...2 comments<BR/>Fist the TPM does an excellent job of protecting authentication Keys that are used for VPN, IPSEC... wherfe all of the processing for authentication is done inside the TPM.<BR/>second there is a comercial solution out there from Seagate that is not vunerable as the encryption, access control and key managment takes place on the Drive controller hardware. This eliminates the separation of key storage and processing you discuss. You can buy one with a new Dell Latitude 630 today. <BR/><BR/>steven spraguesteven spraguehttps://www.blogger.com/profile/14341017432608452647noreply@blogger.com