Linux Group Files Complaint With EU Over SecureBoot


  • Originally posted by Serge View Post
    Are you asserting that an unhackable system is possible?
    Other than brute force attacks, sure, why wouldn't it be?



    • Originally posted by mjg59 View Post
      So when you said, you were wrong?
      No. If it isn't hacked now, it will be. That goes for anything and everything. Most hacks are not brute force. Most of them use exploits from undocumented behavior.



      • Originally posted by duby229 View Post
        No. If it isn't hacked now, it will be. That goes for anything and everything. Most hacks are not brute force. Most of them use exploits from undocumented behavior.
        You didn't say that they all would be hacked. You said they already had been. There are many implementations in the wild that have never been hacked even though hackers have been attempting to, so you're just wrong. History does not guarantee that Secure Boot will be fundamentally compromised.



        • Which brings us full circle again. Like I said we'll see.



          • Originally posted by duby229 View Post
            Which brings us full circle again. Like I said we'll see.
            No, it doesn't. There's the bit where you said history proved that all of these things would be hacked. History doesn't say that. They haven't all been hacked. You're just wrong.



            • Originally posted by mjg59 View Post
              Other than brute force attacks, sure, why wouldn't it be?
              Well, I'm not a security expert, and I realize that you are, so I'm not going to make a fool of myself by contradicting you. I'm just surprised, as this is the first time I've seen an actual expert say that unbreakable security is possible.



              • Originally posted by Serge View Post
                Well, I'm not a security expert, and I realize that you are, so I'm not going to make a fool of myself by contradicting you. I'm just surprised, as this is the first time I've seen an actual expert say that unbreakable security is possible.
                Well, in practice any given implementation generally turns out to have flaws (I've certainly found flaws in specific Secure Boot implementations, and I have no doubt that there are others), and it's difficult to prove it in advance, so pointing at a specific machine and saying "This is unbreakable" would be a pretty astonishing thing to say. Having said that, the design principles behind Secure Boot itself have been incredibly heavily reviewed - it's effectively the same Authenticode system that Microsoft use for signing drivers and executables, and nobody's demonstrated an exploit against those yet despite it being one of the most attractive targets. It was easier for the Stuxnet developers to use keys that were physically stolen from hardware companies than it was to break the underlying cryptography...



                • Originally posted by mjg59 View Post
                  No, it doesn't. There's the bit where you said history proved that all of these things would be hacked. History doesn't say that. They haven't all been hacked. You're just wrong.
                  But they will be. And you'll see. History does show that everything unhackable in fact gets hacked. The security industry may be one step ahead, but that's only because something has to be made before it gets hacked. You think that the cryptography needs to be broken for a hack to be successful, but the truth is that is rarely the case. More often than not the cryptography doesn't get broken. An exploit is found for some behavior that wasn't expected.

                  Anything that hasn't yet been hacked will be.
                  Last edited by duby229; 28 March 2013, 11:18 PM.



                  • Originally posted by mjg59 View Post
                    Well, in practice any given implementation generally turns out to have flaws (I've certainly found flaws in specific Secure Boot implementations, and I have no doubt that there are others), and it's difficult to prove it in advance, so pointing at a specific machine and saying "This is unbreakable" would be a pretty astonishing thing to say. Having said that, the design principles behind Secure Boot itself have been incredibly heavily reviewed - it's effectively the same Authenticode system that Microsoft use for signing drivers and executables, and nobody's demonstrated an exploit against those yet despite it being one of the most attractive targets. It was easier for the Stuxnet developers to use keys that were physically stolen from hardware companies than it was to break the underlying cryptography...
                    Who's to say that something similar won't happen here? If enough keys become available, then what is to stop it?

                    EDIT: You don't have to break the cryptography. In at least one case that I know of from an ARM device that I have, it was the device's own bootloader that was used to break the boot lock. The cryptography was never broken, but it still was effectively unlocked.
                    Last edited by duby229; 28 March 2013, 11:13 PM.



                    • Originally posted by duby229 View Post
                      Who's to say that something similar won't happen here? If enough keys become available, then what is to stop it?
                      An effective blacklisting mechanism?

                      EDIT: You don't have to break the cryptography. In at least one case that I know of from an ARM device that I have, it was the device's own bootloader that was used to break the boot lock. The cryptography was never broken, but it still was effectively unlocked.
                      Sure, and as I keep saying it's likely that specific implementations will fall prey to this. But a generic flaw that affects all machines with Secure Boot? I doubt it.
