And when SHA-256 get's broken what happens? The best public cryptanalysis had 41 of 64 rounds in SHA-256 figured out 4 years ago. Where do we think the NSA has got with that? We already know they have unpublished attacks against MD5 that are better than anything else out there thanks to Flame.
Secure Boot is going to do exactly nothing to stop the NSA. They can just ask Verisign for signed binaries using the key of unsuspecting Asian manufacturer. In fact, if I was a non-US organisation I'd consider Secure Boot a massive threat for exactly this sort of reason. Suddenly all my trust infrastructure is based on trusting the Verisign and the US government not to screw me? No thanks.
Power management, mobile and firmware developer on Linux. Security developer at nvidia. Ex-biologist. Content here should not be interpreted as the opinion of my employer. Also on Mastodon and Bluesky.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
no subject
Date: 2012-06-08 07:32 am (UTC)Secure Boot is going to do exactly nothing to stop the NSA. They can just ask Verisign for signed binaries using the key of unsuspecting Asian manufacturer. In fact, if I was a non-US organisation I'd consider Secure Boot a massive threat for exactly this sort of reason. Suddenly all my trust infrastructure is based on trusting the Verisign and the US government not to screw me? No thanks.