Secure Startup is primarily designed to prevent laptop thieves and other unauthorized users with physical access to a computer from getting access to the data on the system. Secure Startup uses a chip called the Trusted Platform Module, or TPM, which offers protected storage of encryption keys, passwords and digital certificates. Vista uses this capability to verify that a PC has not been tampered with when it starts up and to protect data through encryption.
… and how will it safe gaurd againt your forgetting the password?
If you think you can’t remember a password (or passphrase), please don’t use this feature. Simple huh? Filesystem encryption is not a new thing, and people who can’t remember their passphrases lose the data. Period. That’s the whole point to it.
Perhaps they could use biometrics in some future version. But then you are in trouble if the person who protected your data no longer is available.
Passwords are probably the best solutions in in most cases. Write it down on a piece of paper that you lock into a safe where it only can be accessed by people authorized to view the information that is protected by the password.
They used to say it was not for DRM. Now they say it _can_ be used for DRM, but is actually for security. … security, you could achieve without bad effects of the DRM-enabling technology.
http://www.eff.org/Infrastructure/trusted_computing/20031001_tc.php
To service the computer the Secure Startup can be disabled. That means anyone with the right tools can bypass the protection.
To move the data there is a master key that is generated at the first setup. Now how many customers will store that on one of thier PC’s harddrive? Read prior statement again.
Also this chip contain the keys to encode/decode the data, that means at some point the keys come out of the chip. Why can’t I tap into that information transfer and get the keys for myself?
Well i don’t know any of the details, but I’d expect the keys would *not* come out of the chip. Rather, you put plaintext in, the chip does the processing, and returns only the result. Of course you can probably eavesdrop on that, but i can imagine there are applications where that isn’t much of a problem.
http://osx86project.org/
You can’t secure anything unless you make hardware a integrated part of the operation of the object your trying to protect.
Can you explain how that site shows “it is cracked”? Exactly what is “cracked”?
Your link — http://osx86project.org — doesn’t show that this has been cracked.
You can’t secure anything unless you make hardware a integrated part of the operation of the object your trying to protect.
Not exactly. It should read “Lack of physical security means lack of assurance of any security.”
Having it all integrated into the device is not 100% assurance that it is safe. For example, the smart card manufacturers are using microwaves and other electronic probes to see how smart cards can be broken into. Using that knowledge, they are improving security for smart cards, though they do not forget that the security device is always in the hands of people who may want to break into it.
aaah. would this be the same TPM that apple uses for the intel platform? :p
I personaly do not have a use for this type of security. On the contrary I would perfer not to have it just creates one more annoying obstical to get around in order to use my computer.
“Microsoft is talking up support for hardware-based security in Windows Vista, though only a sliver of the company’s original plan will make it into the operating system.<b”
Gee, sounds to me like it’s turning out to be like the rest of Vista: XP with Aero…
You’d think a behemoth like MS could churn out an OS on time with the promised features, but it’s already a year late with far less features than promised.
More BS from MS.
You’d think a behemoth like MS could churn out an OS on time with the promised features, but it’s already a year late with far less features than promised.
* Mythical man month.
* MS is is not an open source company, so they loose efficencies that come from OSS.
While they are providing some open source, they call both the NDA restricted limited stuff and the actual OSS the same thing — ‘shared source’ — confusing the issue about what can be used. Because of that, they aren’t likely to get many contributors.
Meanwhile, we have advances in the pure OSS world that are upstaging Microsoft and other companies…to the point that some (like Sun with Solaris) are opening up even more just to keep pace.
Looks like the industry is moving towards implementing Trusted computing hardware into most computing devices (where “applicable”) by 2010 ish……when the OS software is there on the various platforms it’ll be interesting to see what they try and push on consumers and what direction they try and take us……..
I just hope that in the future one will still be able to have the option to buy a computer without any of these security features. Otherwise one will basically have to buy vista to use ones own hardware. I dont care if 99% of people use windows, thats their own choice, but it will really make me angry if I will be left with no choice other than this “trusted” platform.
I just hope that in the future one will still be able to have the option to buy a computer without any of these security features. Otherwise one will basically have to buy vista to use ones own hardware. I dont care if 99% of people use windows, thats their own choice, but it will really make me angry if I will be left with no choice other than this “trusted” platform.
It doesn’t work like that – a TPM driver was introduced into the Linux 2.6.12 kernel a couple of months ago….. – Linux already supports a subset of “TRusted computing” – Linux, Windows, BSD, Mac OS X etc etc will all be able to run quite happily on Trusted Computing hardware. Windows will provide software to interface with the TPM chip, “Linux” will provide software to interface with the TPM chip (some of it’s already in the 2.6.12 kernel) etc etc etc….. Trusted Computing is Operating Sytem agnostic. I can asure you, it’s not a “Microsoft only” thing.
Sounds like the use of “Live CD’s” as a recovery tool will be short lived.
“to prevent laptop thieves and other unauthorized users with physical access to a computer from getting access to the data on the system.”
This is a management / people issue not a technology issue. If you cannot trust the people that your organization hires, then they shouldn’t be hired. Just my .02 cents worth.
TPM could also stand for TOILET PAPER MODULE because eventually every piece of hardware and/or software is defeated, regardless of protection method, just look at the history of computers for the track record.
“TPM could also stand for TOILET PAPER MODULE because eventually every piece of hardware and/or software is defeated, regardless of protection method, just look at the history of computers for the track record.”
That’s the truth!
Any ideas as to how this will influence dual-booting?
Instead of embedding this sort of thing into the computer. Why not put one of these chips on an usb key. this way I could walk around with my pgp/ssh/whatever keys bundled with an encryption/decryption pipe…
Actually, such techniques are complimentary. You could use USB keys to log in, and use TPM to make sure no-one can circumvent that login system, not even by yanking the drive out of the computer or tricks like that.