Thinkpads Forum

I activated the security chip and I didn't like it. So I deactivated it in Windows. Now every time when I turn on computer,
my computer checks the security chip status and the dialog box says that security chip is deactivated.

Problem is how I can disable security chip and get rid off that security chip status check?
That security check only delay starting windows.

Uninstall Client Security Solution.
(You can still use fingerprint to logon)

Now restarting the computer is much faster. And it's nice that finger print reader still works.

Loaded wrote:Now restarting the computer is much faster. And it's nice that finger print reader still works.

Yours may work but mine does too little of the time. I also want to disable my fingerprint reader. It drives me nuts sometimes. Quite frequently I have to swipe many many times. This morning I must have swiped over 40 times. That's ludicrous.

Muse, These fingerprint scanners are very sensitive to low skin temperature and work poorly with dry skin. Try moistening your finger slightly. Spit works.

steveg47 wrote:Muse, These fingerprint scanners are very sensitive to low skin temperature and work poorly with dry skin. Try moistening your finger slightly. Spit works.

Yup, spit works. I knew that. I thought it might be because I'd washed my hands shortly before doing my initial scans, the ones that the software uses for matching. Is it not true that if you do those scans without having your hands a bit moist you won't have to moisten them to get past the security check?

What use is the security chip?

In theory, the security chip is a "more secure" way of encrypting/decrypting sensitive information. However, the use is rather limited since the only application that I've used with the security chip is the ThinkVantage Password Manager; I tried replacing Mozilla's software security device with the PKCS 11 module from CSS 7, but it appears there's a compatibility issue somewhere.

The general theory of the security chip is this: the program interface sends data to the chip and some extraneous data about the user and the function the chip should execute. The chip encrypts or decrypts the data using keys stored in the chip's memory (which can be erased via the BIOS Security menu) and returns the translated message. The claim that it is better or more secure is based on the fact that the keys used to encrypt/decrypt data are stored on the chip itself and cannot be accessed, thus someone who steals your password manager database will also need to steal that hardware chip to get the keys.

However, the security chip and fingerprint reader adds zero actual security to the actual computer (barring power-on password); it only adds a secure password manager. If a poor password is chosen, such as a common dictionary word, it doesn't matter how well you encrypt it with the chip because anyone guessing common dictionary words will eventually get into whatever was protected. The security chip only adds the "convenience" of having the passwords stored electronically for auto-filling and auto-submitting in a secure manner.

The hardware solution may be considered a bit of an overkill - examine Mozilla's software security device (with the master password enabled). Broadly speaking, the software security device in Mozilla applications uses a key based on a master password that gets entered (at least) once a session. One could argue for fun that the software security device is more secure because the key is not stored on the computer's hardware nor software.

The anti-hammering delay feature of the security chip make breaking the password somewhat more difficult.

http://forum.thinkpads.com/viewtopic.php?t=38260

Questions:

I believe I read in an XP text that a hacker or laptop theif can unencrypt XP encrypted files because the encryption keys are on the drive. I removed the keys to a cd on my last computer.

1. Does the CSS program tie the XP keys to a key or keys on the chip for an added layer of security? If I use CSS do I still need to remove the XP keys?

2. Does a "split" key enhance security?

Thank you.

Ken Cohen