[Cryptography] Secure erasure

Ralf Senderek crypto at senderek.ie
Sun Sep 11 09:12:41 EDT 2016


On Sun, 11 Sep 2016, Jerry Leichter wrote:

>> You know that I speak in favour of a *separation* (normal, buggy
>> user machine vs separate, well-designed less vulnerable personal
>> security server) and here the information an attacker can gain is
>> considerably restricted compared with what can be exfiltrated if
>> everything happens on the (ONE) traditional device.
>
> ...which is exactly the point I'm arguing as well:  The general-purpose machine
> will be insecure because it's impractically expensive to make it secure,
> so the right approach is to live with that and create a design where
> security issues in that portion of the machine are irrelevant to the
> security of the system as a whole.
>                                                        -- Jerry

I'd prefer a slightly less absolute adjective, because the unsafe
portion must interact with the (much more) secure portion in one
way or another. In my experience, the handling of access secrets
to the secure portion by the insecure part has to be guarded as
much as it is possible on the insecure machine.

In the case of the Crypto Bone, for instance, crucial secrets are visible
to a root-user daemon for a tiny time window during the first
stages of the (unsafe) booting machine and are not visible after the
boot process has ended. This is not absolute protection of these
secrets but it raises the bar (enough), as you'd say, to make the
attacker look for easier ways. To make sure no easier way can be found,
that's what we can do.


     --ralf

