[143227] in cryptography@c2.net mail archive
Re: full-disk subversion standards released
daemon@ATHENA.MIT.EDU (Jonathan Thornburg)
Fri Jan 30 17:28:48 2009
Date: Fri, 30 Jan 2009 16:41:56 -0500 (EST)
From: Jonathan Thornburg <jthorn@astro.indiana.edu>
To: John Gilmore <gnu@toad.com>
cc: Peter Gutmann <pgut001@cs.auckland.ac.nz>, cryptography@metzdowd.com,
smb@cs.columbia.edu
In-Reply-To: <200901292122.n0TLMbwU026364@new.toad.com>

On Thu, 29 Jan 2009, John Gilmore wrote:
> If it comes from the "Trusted Computing Group", you can pretty much
> assume that it will make your computer *less* trustworthy. Their idea
> of a trusted computer is one that random unrelated third parties can
> trust to subvert the will of the computer's owner.

Indeed, the classic question is "I've just bought this new computer
which claims to have full-disk encryption. Is there any practical
way I can assure myself that there are (likely) no backdoors in/around
the encryption?"

For open-source software encryption (be it swap-space, file-system,
and/or full-disk), the answer is "yes": I can assess the developers'
reputations, I can read the source code, and/or I can take note of
what other people say who've read the source code.

Alas, I can think of no practical way to get a "yes" answer to my
question if the encryption is done in hardware, disk-drive firmware,
or indeed anywhere except "software that I fully control".

--
-- Jonathan Thornburg <jthorn@astro.indiana.edu>
Dept of Astronomy, Indiana University, Bloomington, Indiana, USA
"Washing one's hands of the conflict between the powerful and the
powerless means to side with the powerful, not to be neutral."
-- quote by Freire / poster by Oxfam