grub-devel

Re: SHA-1 MBR


From: Alex Besogonov
Subject: Re: SHA-1 MBR
Date: Sat, 21 Feb 2009 04:21:02 +0200

>This paranoid security talk is growing some big pink elephants which are
>being conveniently ignored: you people are trying to protect a HD within
>a computer that could be stolen, but you trust that the BIOS chip (in
>ROM and whatever you want), which performs the systems initialization
>(including RAM and the TPM) cannot be tampered with or even replaced.
The BIOS itself is checksummed and verified by the TPM. So a simple
reflashing won't work.

Please, don't think that all engineers who designed the TPM are complete idiots.

>When someone pointed the key-in-RAM problem the answer was "I'll just
>glue it with epoxy resin"! For crying out loud! Without taking into
>account that most epoxy resins take weeks to solidify under 100 ºC,
Uhm.. It takes about 8 hours for the resin with hardener to solidify
(speaking from experience).

>if the computer is physically stolen it could be subjected to EM-field
>analysis.
That's WAY more complex than just swapping chips.

Also, there's another small thing - I can just delete the key from my
key server, and then no amount of hacking will unlock the hard drive. TPM
and other measures just buy time.



