1996-11-16 - Re: ideal secure personal computer system

Header Data

From: Jeremiah A Blatz <jer+@andrew.cmu.edu>
To: cypherpunks@toad.com
Message Hash: 1dbd09a27abe919f6e17b191fc7c4491e5cd97eda4c7c0e47779d4781e870bf7
Message ID: <0mXHB5200YUe0teHk0@andrew.cmu.edu>
Reply To: <l03010605aeab7149a687@[152.3.87.2]>
UTC Datetime: 1996-11-16 03:23:57 UTC
Raw Date: Fri, 15 Nov 1996 19:23:57 -0800 (PST)

Raw message

From: Jeremiah A Blatz <jer+@andrew.cmu.edu>
Date: Fri, 15 Nov 1996 19:23:57 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: ideal secure personal computer system
In-Reply-To: <l03010605aeab7149a687@[152.3.87.2]>
Message-ID: <0mXHB5200YUe0teHk0@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Adam Gulkis <lordvidarr+@CMU.EDU> writes:
> a locked startup disk is not a good idea, if it is even possible.
> Most applications setup scratch space on the startup volume. 

It is possible, although it does break things, for example ResEdit and
AppleTalk. Then again, locking a disk doesn't gain you much security.

> It would
> be a better idea to setup a partition for applications and lock it, if
> you feel that is necessary.  Norton DiskLock is a nice tool that
> provides a startup password protection as well as screensaver
> password.  It will request a password if the machine sleeps or to
> reboot after a crash.

A good locking screen saver is essential, however, a driver level
password checker (which is what I assume Norton is) is not that
helpful. 
"Look ma! I stole Adam Gulkis's hard disk, now the secrets of the
 screaming viking lie open before me!" 
"That's nice dear, why don't you pop it in the machine and show your
 father?" 
"Okay <rummages with screwdrivers> Awww, Jeez, he used Norton
 DiskLock, I can't mount the drive."
"Here's a Silverlining disk, just 'update' the driver."
"Aw, thanks mom!"

You really do need to encrypt the drive, otherwise methods such as
replacing the drivers or reading the disk with a microscope will
extract the data quite easily.

A friend of mine just got back from a kerberos conferance at MIT, at
dinner one night they were talking about fun-n-easy ways to extract
data from a machine. One of them mentioned that after a while, a "on"
bit in RAM tends to leak out onto the surrounding sillicon, providing
a record of your memory. I'd imagine that your PGP passphrase sitting
in one location in memory for a few days would burn itself in pretty
good. The solution to this problem is to invert your RAM every once in
a while, so each bit is on and off for about the same amount of time.
I wonder if it'd be possible to build a device that goes between your
motherboard and your SIMMs that would invert and decode your RAM. I
could see wierd timing issues popping up, but I don't know enought
about OSes and computer architecture to know.

Of course, no computer is "secure" without a thermite charge above the
hard drive, and a tamper-resistant case.
"Well, Billy, the Sevret Service is here, they want to take away your
 computer (and telephone, and cassette tapes ,and etc.)"
"Okay, mom. It's right over here, Mr. Scarry Secret Service dude."
<lift> "Ffffffts"
"Hey, Billy, what's that smoke coming out of your computer?" 

Jer

"standing on top of the world/ never knew how you never could/ never knew
 why you never could live/ innocent life that everyone did" -Wormhole

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMo0zPskz/YzIV3P5AQELwwMAgvAXIyzTpr6L4Niuy8G+dxzdRxNMBXB2
T8GvoXSLnD5DId/pefMHuKBg2qbKwUyEiQJH9wlUaY2Iq6XO4/nU5lMxyFUkkMbN
8Uah5HDxJ3r/UxWRXGFYXbaKlxuSkw0F
=edZH
-----END PGP SIGNATURE-----





Thread