On Thu, 2005-03-17 at 11:12 -0600, Gnu-Raiz wrote:
> On 10:10, Thu 17 Mar 05, Ron Johnson wrote:
> >
> > http://news.com.com/Hardware+security+sneaks+into+PCs/2100-7355_3-5619035.html?tag=st.num
> >
> > "The technology locks specialized encryption keys in a data
> > vault--essentially a chip on the computer's motherboard."
> >
> > The PGP & SSH keys that some people currently store on USB thumb
> > drives, would we be able to store them in this TC chip?
> >
[snip]
>
> If I read the article right, your OS has to access and
> assimilate the needed data on the chip. So for right now this chip could
> not be used for this purpose at this time. If you remember
> this whole trusted computer stuff, is a way to lock down
> hardware data access.
>
> Why would you want to store your SSH keys on the chip, what
> happens if someone steals your computer, they now have all
> your keys in one spot.

Wouldn't you want to put them on a crypto-fs, for that very reason?

> Ok it can happen today as well, so I
> really do not think that having a vault will solve that many
> problems. What it will do is drive up less open access,
> which is really against the whole free software idea, as
> well as against the open source ideals.
>
> Then you need to consider hardware failures, if your
> hard drive fails can you access the data on another system? I

The article indicated that there was an encrypted (flash RAM?)
"chip on the computer's motherboard".

[snip]
>
> As we all know if a person has access to the hardware, it is
> insecure, so if they are doing this for security it might
> not work as planned.

I guess it all depends on the crypto algorithm and the implementation.

--
-----------------------------------------------------------------
Ron Johnson, Jr.
Jefferson, LA USA
PGP Key ID 8834C06B I prefer encrypted mail.

"It's Geico, Not Gecko."
Geico Insurance Advertising Slogan