undefined | Better HN

0 pointsAshamedCaptain5y ago0 comments

Full disk encryption is still be broken, given a decade or 3. You might care about that risk or not, but the fact is still there.

The point still is that if the attacker has unencumbered access to your device then indeed _further_ use of the device is unrecommended to say the least. It doesn't matter if you had or did not have full disk encryption. It does not matter if you had or did not have Thunderbolt.

An extremely low tech solution would be to place a smallish and tactically hidden camera on the chassis, you don't even need the screwdriver for that. And it just happens all the time on ATMs and I'd bet that like on ATMs it would fool a shitton of people.

And this story is precisely about the type of attack that "requires further user input" -- what would be the point of requiring Thunderbolt at all in the first place if you already have the system in pieces?

0 comments

xoa5y ago

> Full disk encryption is still be broken, given a decade or 3.

What? FDE is all symmetric crypto, long since 256-bit, and I think all AES. AES is extremely well understood, and the threat scenario for FDE is also purely cold attacks so even any side channels are irrelevant. I've never seen any feasible attack suggested even in principle, so I'm curious what you have in mind in 10-30 years. If you're thinking "quantum computers", you've gotten confused. Against symmetric keys those only provide at best square root(n) speed up via Grover's Algorithm, essentially halving the key size space. But 128-bit is still infeasible to search, and it'd be trivial to counter anyway by doubling the key length. It's only against current asymmetric cryptosystems that Shor's Algorithm can apply in principle (if if Big-If an actual scalable general purpose QC can actually be built).

AshamedCaptainOP5y ago

I simply measured the time it took from the introduction of DES to when it was no longer "recommended" and substracted the years since AES was standarized, then added a decade of margin of error.

It does not sound to me far fetched to think that AES will be similarly "unrecommended" in such amount of time even if there is absolutely no evidence right now.

xoa5y ago

Oh, so you just made it up out of whole cloth with zero understanding of the actual math? I guess that answers my question then.

1 more reply

fomine35y ago

I still doubt about how TPM is durable against attackers.

j / k navigate · click thread line to collapse

0 pointsAshamedCaptain5y ago0 comments

Full disk encryption is still be broken, given a decade or 3. You might care about that risk or not, but the fact is still there.

0 comments

xoa5y ago

> Full disk encryption is still be broken, given a decade or 3.

AshamedCaptainOP5y ago

I simply measured the time it took from the introduction of DES to when it was no longer "recommended" and substracted the years since AES was standarized, then added a decade of margin of error.

It does not sound to me far fetched to think that AES will be similarly "unrecommended" in such amount of time even if there is absolutely no evidence right now.

xoa5y ago

Oh, so you just made it up out of whole cloth with zero understanding of the actual math? I guess that answers my question then.

1 more reply

fomine35y ago

I still doubt about how TPM is durable against attackers.

j / k navigate · click thread line to collapse