Announcement

Collapse
No announcement yet.

Lennart: Linux Comes Up Short Around Disk Encryption, Authenticated Boot Security

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Originally posted by F.Ultra View Post

    AFAIK you can take ownership of the TPM and then change the EK with tpm_createek command. Fingerprinting have gone on for decades long before TPM was a thing and current methods don't need a TPM to achieve high accuracy either, e.g here is an article where using just Browser fingerprinting uniquely identified 74% of desktop users: https://medium.com/slido-dev-blog/we-collected-500-000-browser-fingerprints-here-is-what-we-found-82c319464dc9


    And
    pretend that MS stores a unique generated value using steganography in the registry, stored over multiple other keys. How would you even know. So, no, they don't need a TPM to uniquely identify you, they have plenty of other venues. It does make it easier though so there I do agree with you.
    No, you cannot change the EK. It is written into the hardware at the time of its manufacture. If you could change it, that would undermine the whole point of a TPM. There are other ways you can identify someone, but again those are all software. So I can defeat fingerprinting by using a common user agent. I can avoid Microsoft by installing Linux. With a TPM there is literally nothing I can do except change hardware. I remember how upset people were when Fedora talked about creating a unique identifier just for tracking the number of individual users they had, or something like that, but this is much worse.

    Comment


    • Originally posted by krzyzowiec View Post

      No, you cannot change the EK. It is written into the hardware at the time of its manufacture. If you could change it, that would undermine the whole point of a TPM. There are other ways you can identify someone, but again those are all software. So I can defeat fingerprinting by using a common user agent. I can avoid Microsoft by installing Linux. With a TPM there is literally nothing I can do except change hardware. I remember how upset people were when Fedora talked about creating a unique identifier just for tracking the number of individual users they had, or something like that, but this is much worse.
      No you cannot escape browser fingerprinting by just changing the useragent, it's way more sophisticated than that.

      Changing the EK does not undermine the whole point of TPM since the whole point of TPM is not to identify the chip but to allow the owner to put keys into it that you cannot get back out again so that you can store a private key and then let TPM encrypt data with that private key so that you later can decrypt it using the public key. Changing or clearing the EK would simply mean that you lost access to all those other keys stored on the chip.

      There are books that at least claims that you can change the EK to your own value and apparently Windows have tools for this: https://books.google.se/books?id=F69...e%20ek&f=false

      Comment


      • Originally posted by F.Ultra
        Changing the EK does not undermine the whole point of TPM since the whole point of TPM is not to identify the chip but to allow the owner to put keys into it that you cannot get back out again so that you can store a private key and then let TPM encrypt data with that private key so that you later can decrypt it using the public key. Changing or clearing the EK would simply mean that you lost access to all those other keys stored on the chip.
        Simple question. If you should be able to change the key, then why do it in hardware instead of software?

        Comment


        • Originally posted by krzyzowiec View Post

          Simple question. If you should be able to change the key, then why do it in hardware instead of software?
          So that you can store the private key in a way that makes it impossible to extract. That is the whole point of TPM.

          Comment


          • Originally posted by tildearrow View Post
            So, is Lennart saying my data is safer in the hands of corporations that spy on users? I totally disagree.
            You do know that you can build, at least *android* from source without the google spyware in it, don't you?

            Comment


            • Would be nice if Linux would provide a WebAuthn/U2F platform authenticator backed by TPM like: https://github.com/psanford/tpm-fido

              Comment


              • Originally posted by birdie View Post

                Windows 10 with "spying" has been around for over 6 years. No one has been able to show how it's leaking data left and right. Perhaps tildearrow wants to believe that Windows is spying but for some reasons he's saying that as if it's a fact instead of his belief.

                I'm glad Michael no longer allows you to moderate because for that you're lacking some crucial traits like critical thinking and adherence to proven facts instead of "I've heard something it must be true".
                This is somewhat late to the party but I want to respond here. I did some network analysis with fiddler back when Win10 came out and one of the things that stuck out was how much data was leaking:

                * Frequent pings to MS servers with installation GUID + IP address
                * By default, hashes of launched executables
                * terms typed into start menu (for bing search function)
                * An all-interface DNS strategy that could frequently leak DNS queries off of unencrypted interfaces

                And much more. Some of this can be disabled, but the pingbacks cannot and are sufficient on their own to trivially unmask e.g. a dissident using a swiss based VPN. All a nation-state needs to subpoena Microsoft for a few bits of information-- the GUID associated with the VPN-based actor, all other IPs associated with that GUID, and timestamps for when those connections occurred. You can then trivially determine the pre-VPN IP address + timestamp, which is enough to go to the in-country ISP and demand identity information.

                This is without even getting into the issues with the file hash submission (check if user is using HASH(tor.exe)) or DNS leaks (makes poisoning responses easy!).

                Maybe "spying" is the wrong term; maybe its better phrased as enabling spying, because they can certainly do that. Microsoft has baked in even more juicy capabilities, like the ability to serve custom updates to particular cohorts of Windows installations. It's not like China would ever coerce a vendor into pushing custom keyword detection lists to client software, right?

                Comment


                • Originally posted by ll1025 View Post

                  This is somewhat late to the party but I want to respond here. I did some network analysis with fiddler back when Win10 came out and one of the things that stuck out was how much data was leaking:

                  * Frequent pings to MS servers with installation GUID + IP address
                  * By default, hashes of launched executables
                  * terms typed into start menu (for bing search function)
                  * An all-interface DNS strategy that could frequently leak DNS queries off of unencrypted interfaces

                  And much more. Some of this can be disabled, but the pingbacks cannot and are sufficient on their own to trivially unmask e.g. a dissident using a swiss based VPN. All a nation-state needs to subpoena Microsoft for a few bits of information-- the GUID associated with the VPN-based actor, all other IPs associated with that GUID, and timestamps for when those connections occurred. You can then trivially determine the pre-VPN IP address + timestamp, which is enough to go to the in-country ISP and demand identity information.

                  This is without even getting into the issues with the file hash submission (check if user is using HASH(tor.exe)) or DNS leaks (makes poisoning responses easy!).

                  Maybe "spying" is the wrong term; maybe its better phrased as enabling spying, because they can certainly do that. Microsoft has baked in even more juicy capabilities, like the ability to serve custom updates to particular cohorts of Windows installations. It's not like China would ever coerce a vendor into pushing custom keyword detection lists to client software, right?
                  I'm glad you've replied. Now tell me honestly, which parts of these are private user's files, contacts, visited URLs? Nothing? Speaking of sending the hashes of launched executables - many AV solutions do exactly that, and no one is screaming that they are all spying on the user.

                  And half of what you've shown Firefox does out of the box.

                  Comment

                  Working...
                  X