On 8/17/07, Ivan Krstic <[EMAIL PROTECTED]> wrote:
> How so? If your computer goes bad, you need a *backup*. That's
> entirely orthogonal to the drive encryption problem.

One of the functions provided by the TPM is to wrap/bind and store the
bulk encryption keys. Now let us say the motherboard or the TPM
goes bad on your notebook or you simply want to upgrade the computer.
You need to be able to restore+transfer the information stored in the
TPM to your new computer. This is where you need a TPM management suite
that supports key backup/restore and transfer.

A large company's (name withheld) strategy regarding TPM was to ignore
it. Not too long ago a few key engineers from that company decided that
a TPM-enabled encrypted vault would be a good place to secure their
documents. Somehow they managed to lock themselves out of the
encrypted vaults (maybe a forgotten password or lost keys). Had that
company not ignored the TPM and instituted a key backup/archive
program, the engineers would have been able to recover their
confidential documents. We can blame the engineers, but at the end of
the day it was the whole company that lost money and valuable design


The Cryptography Mailing List