bri3d a day ago

Being able to sniff a key as it transits a local bus is a very different kind of compromise of "trust" than believing that something is preemptively backdoored by a threat actor. It is deeply mysterious that Microsoft don't simply use TPM encrypted sessions to prevent this, though.

Reply View 6 replies
  • dylan604 a day ago

    Isn't this yet another example of if they have your physical machine, it's already game over?

    Reply View 5 replies
    • bri3d a day ago

      No? Any modern disk encryption system with a strong passphrase (basically, anything but default-BitLocker) is very effective against "they have your physical machine and it's off" for any known, current adversary. And, the basic cryptography in use is common, robust, and proven enough that this is probably true even if your tinfoil hat is balled quite tightly.

      Where modern research effort goes is into protecting against "they HAD your physical machine and they gave it back to you" or "they got your machine while it was on/running" - these are much more difficult problems to solve, and are where TEE, TPM, Secure Boot, memory encryption, DMA hardening, etc. come into play.

      Reply View 3 replies
      • uncanneyvalley a day ago

        Disagree. If one has physical access to your machine, they also have physical access to you. Practically everyone is vulnerable to rubber hose cryptanalysis.

        Reply View 1 reply
        • andrewflnr a day ago

          Right, because every stolen laptop automatically comes with an abduction of the owner? No, getting "hardware access" to a human is much harder (more expensive in the best case and riskier in terms of drastic punishment) than for a laptop, even more so if you want to go undetected.

          Reply View 0 replies
      • dylan604 a day ago

        You're talking much more hypothetical than the actual situation that was linked up stream from here. Context is crucial

        Reply View 0 replies
    • [removed] a day ago
      [deleted]
      Reply View 0 replies