Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Increase the minimum startup PIN length #63

Closed
pathei-kosmos opened this issue Jul 12, 2023 · 2 comments
Closed

Increase the minimum startup PIN length #63

pathei-kosmos opened this issue Jul 12, 2023 · 2 comments
Assignees
Labels
Suggestion ⚡ Label used to describe New Security Measure Suggestions

Comments

@pathei-kosmos
Copy link
Contributor

pathei-kosmos commented Jul 12, 2023

Many AMD processors (Zen 2 & 3 architectures; 3000, 5000 series...) use a firmware implementation of the TPM, the fTPM (equivalent to Intel's "Platform Trust Technology", but slightly different). Researchers have just found new attacks against this form of implementation, which make it possible to completely break the fTPM and reveal its internal state. Interestingly, using a fairly complex password means you can still maintain an adequate level of security, even with a cracked fTPM. As shown in the paper (p.11), with a compromised fTPM, a 10-character PIN will only last 34 minutes against a brute-force attack:

image

As 10 characters is the minimum length currently requested by the script, I propose to lengthen it a bit. The researchers conclude (p.13):

Our case study shows that FDE implementations must employ standalone anti-brute-force measures beyond the sealed TPM object as BitLocker does (5.3.2). If the TPM is compromised, this upholds the protector’s confidentiality to a degree a (non-TPM) PIN/password-only protector can achieve. The security of such a method dramatically depends on the length and complexity of the PIN or password, so strong requirements regarding its length and character set should be considered.

@pathei-kosmos pathei-kosmos added the Suggestion ⚡ Label used to describe New Security Measure Suggestions label Jul 12, 2023
@HotCakeX
Copy link
Owner

HotCakeX commented Jul 12, 2023

Hi,
Unless there is a reliable way to detect AMD CPU generations between 3000-5000 so that the script can apply different policies for them (haven't found any yet), I think increasing the PIN's minimum length requirement can potentially discourage people from using it in the first place 🫤

Since the attack needs physical access to the device, imo users considered high value targets and susceptible to this attack should consider upgrading their hardware to AMD 7th gen CPU or an Intel CPU that doesn't have this vulnerability, or better yet, get a secured-core PC

Edit:

AMD users with vulnerable CPUs can of course still set a long complex PIN to stay secure, it's just the script doesn't enforce it by default on everyone.

@pathei-kosmos
Copy link
Contributor Author

Fair point.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Suggestion ⚡ Label used to describe New Security Measure Suggestions
Projects
None yet
Development

No branches or pull requests

2 participants