Trusted Platform Module: Difference between revisions

The [[TrueCrypt]] disk encryption utility, as well as its derivative [[VeraCrypt]], does not support TPM. The original TrueCrypt developers were of the opinion that the exclusive purpose of the TPM is "to protect against attacks that require the attacker to have administrator privileges, or physical access to the computer". An attacker who has physical or administrative access to a computer can circumvent TPM, e.g., by installing a hardware [[keystroke logger]], by resetting TPM, or by capturing memory contents and retrieving TPM-issued keys. The condemning text goes so far as to claim that TPM is entirely redundant.<ref>{{Cite web |title=TrueCrypt User Guide |url=https://www.grc.com/misc/truecrypt/TrueCrypt%20User%20Guide.pdf |website=truecrypt.org |publisher=TrueCrypt Foundation |via=grc.com |date=7 February 2012 |page=129 }}</ref> The VeraCrypt publisher has reproduced the original allegation with no changes other than replacing "TrueCrypt" with "VeraCrypt".<ref>{{cite web | url=https://www.veracrypt.fr/en/FAQ.html |title =FAQ |website=veracrypt.fr |publisher=IDRIX | date=2 July 2017 }}</ref> The author is right that, after achieving either unrestricted physical access or administrative privileges, it is only a matter of time before other security measures in place are bypassed.<ref>{{Cite web |last=Culp |first=Scott |date=2000 |title=Ten Immutable Laws Of Security (Version 2.0) |url=https://technet.microsoft.com/en-us/library/hh278941.aspx |url-status=dead |archive-url=https://web.archive.org/web/20151209191417/https://technet.microsoft.com/en-us/library/hh278941.aspx |archive-date=9 December 2015 |access-date= |website=[[TechNet Magazine]] |publisher=[[Microsoft]] |via=[[Microsoft TechNet]]}}</ref><ref>{{Cite web |last=Johansson |first=Jesper M. |date=October 2008 |title=Security Watch Revisiting the 10 Immutable Laws of Security, Part 1 |url=https://technet.microsoft.com/en-us/library/2008.10.securitywatch.aspx |url-status=dead |archive-url=https://web.archive.org/web/20170410043155/https://technet.microsoft.com/en-us/library/2008.10.securitywatch.aspx |archive-date=10 April 2017 |access-date= |website=[[TechNet Magazine]] |publisher=[[Microsoft]] |via=[[Microsoft TechNet]]}}</ref> However, stopping an attacker in possession of administrative privileges has never been one of the goals of TPM (see {{Section link||Uses}} for details), and TPM can [[cold boot attack|stop some physical tampering]].<ref name=":0" /><ref name=":1" /><ref name=":2" /><ref name="TCPA" /><ref name="SetPhysicalPresenceRequest" />
 
In 2015 [[Richard Stallman]] suggested replacing the term "Trusted computing" with the term "Treacherous computing" due to the danger that the computer can be made to systematically disobey its owner if the cryptographic keys are kept secret from them. He also considers that TPMs available for PCs in 2015 are not currently{{clarify timeframe|date=December 2022}} dangerous and that there is no reason '''not''' to include one in a computer or support it in software, because the industry's attempts to use that technology for [[Digital rights management|DRM]] have failed, but that the TPM2 released in 2022 is precisely the "[[Trusted Computing|treacherous computing]]" threat he had warned of.<ref>{{Cite web|title=Can You Trust Your Computer? - GNU Project - Free Software Foundation|url=https://www.gnu.org/philosophy/can-you-trust.en.html|access-date=2023-09-06|website=www.gnu.org}}</ref>
 
== Attacks ==