Re: Distributing private key information at install time
Brendan Strejcek <brendan <at> cs.uchicago.edu>
2006-10-27 18:27:37 GMT

(Sorry in advance if I got some of the attribution wrong; the quotes
and forwardings made it a bit complicated.)

<Menno.Willemse <at> johnguest.co.uk> on 04 October 2006 wrote:
> That's secure, but it involves walking up to the machine, which I
> don't want to do. They are in locked rooms or in remote locations.
> Maybe the best solution is just to leave a CD, HD partition or
> floppy in the machine with its crypto-information.

I use a trick to get around this. If I have to install a fresh
operating system on a truly blank machine, I need to physically be at
the console. In that case, however, the machine was usually just
delivered and has not been deployed yet. Once a machine has been
installed, it has the ability to remotely reinstall itself with
several supported operating systems. I use alternative kernels and the
boot loader to accomplish this. Thus, once a machine has been
installed physically once (in most cases) it can be reinstalled

> All security
> flies out of the window as soon as someone can touch the machine

That is not totally true. They may be able to take over the machine,
but they will not be able to compromise confidentiality (that is, you
can encrypt data on the disk).

> If you want to do hands-off, unattended installs, I suppose there
> just isn't a way that's 100% secure.

Yeah, true. There will likely be some trade-off between security and