On Sun, Nov 30, 2014 at 5:19 PM, Mick <michaelkintz...@gmail.com> wrote:
> On Sunday 30 Nov 2014 19:05:52 thegeezer wrote:
>> *if* you trust it is not backdoored
>
> Well, yes, in the post Snowden era I do not trust it. At all.
>

Keep in mind that you have to consider your threat model. I think it is fairly likely that the NSA has backdoors into most TPM chips (I'm not sure I'd even limit that to US-made chips). On the other hand, I also consider it likely that the NSA has zero-days for every browser around, and likely privilege escalation attacks against Linux, and maybe even attacks against most of the hypervisors out there. If the NSA REALLY wanted your data, then they're going to get it.

Of course, some attacks are a larger concern than others. Actually accessing a TPM back-door, or utilizing a zero-day, likely requires actively modifying your internet traffic, which carries a risk of detection. They won't hesitate to do that if they are on the trail of some terrorist, but they probably won't do that as part of some kind of widespread surveillance net since there would be a pretty high likelihood of detection if they did that to everybody, and then they lose their zero-day.

On the other hand, if TPM-seeded random numbers aren't really random then they might be able to passively decode your SSL traffic which is something that would be almost impossible to detect, and that could be done as part of an effort to read everybody's TCP streams.

Honestly, I don't really worry about the NSA. If they want to read my traffic they're going to do it, and the only way to stop them would be to wrap so much tinfoil around my head that I basically couldn't interact with anybody online.

I'm more concerned with things like identity theft, cryptolocker, physical theft of laptops, and so on. A TPM provides a significant level of protection against some of these attacks. LUKS does as well, but at a cost of convenience and a risk of downtime if you're running it on a server and it ends up rebooting when you aren't around.

Why would you care about full-disk encryption on a server? Well, ever have a hard disk die on you? Can you guarantee that when a hard drive dies that you'll always have the ability to wipe it before returning it for a warranty swap? With full disk crypto you're safe even if you can't wipe it.

--
Rich