[LINK] Stolen Laptop [was Re: Consumer computer security]
Johann Kruse
whassaname at gmail.com
Mon Jan 29 01:20:53 AEDT 2007
On 29/01/07, Rick Welykochy <rick at praxis.com.au> wrote:
> Johann Kruse wrote:
>
> > You could upgrade to Windows Vista and use Bitlocker -
> > http://www.microsoft.com/whdc/system/platform/hwsecurity/BitLockerFAQ.mspx
>
>
> "Q. Will BitLocker add any performance impact to a Windows Vista machine?
> A. It is too early to determine performance impact on the Windows Vista
> operating system; however, BitLocker is expected to have a negligible
> affect on day-to-day PC performance."
>
> Heh? AES encryption and decryption cost CPU cycles. Copying data from one
> AES encrypted file to another will be measureably slower than the equivalent
> non-enrypted copy. Microsoft would know this already. We Mac and Linux
> users know this. Even if the AES functions are performed on the chip,
> DMA to/from the chip will take extra time. Why the spin?
>
>
Personally I notice no difference in speed between two laptops of
pretty much identical specs, one with Bitlocker and one without.
That said, I guess I haven't really tried proper benchmarking or
pushing the boundaries - I pretty much tend to stick to Outlook,
Excel, Powerpoint, IE7, and Virtual PC.
> "Unauthorized changing of the BIOS, master boot record (MBR), boot sector,
> boot manager, or other early boot components would cause a failure in the
> integrity checks and keep the TPM-protected key from being released."
>
> You can kiss multi-boot systems goodbye. You can probably kiss running
> Windows on an Intel Mac goodbye as well if you want to use this data protection
> scheme .. well, would the Mac have the required chip? Doubt it.
It won't destroy multi-boot capability -
http://www.schneier.com/blog/archives/2006/05/bitlocker.html
And new Macs come with TPM 1.2 so no problems there -
http://www.osxbook.com/book/bonus/chapter10/tpm/
>
> Howard Lowndes wrote:
>
> >> "BitLocker leverages the 1.2 specification TPM chip"
> > Has anyone seen one of these on a mobo yet?
> > Or are they doing the right thing by avoiding them.
Yes, I have TPM 1.2 in 2 laptops and 1 desktop, and my mate has it in his Mac.
And I guess this could in some ways be (heaven forbid) a
forward-looking thing. Once upon a time computers didn't have maths
co-processors, sound cards, or USB ports built-in - but they seem to
be pretty common now.
--
Johann
--
http://whassaname.net
More information about the Link
mailing list