On 8/17/07, Ivan Krstic <[EMAIL PROTECTED]> wrote:
> How so? If your computer goes bad, you need a *backup*. That's
> entirely orthogonal to the drive encryption problem.

One of the functions provided by the TPM is to wrap/bind and store the bulk encryption keys. Now let's say the motherboard or the TPM goes bad on your notebook, or you simply want to upgrade the computer. You need to be able to restore+transfer the information stored in the TPM to your new computer. This is where you need a TPM management suite that supports key backup/restore and transfer.

A large company's (name withheld) strategy regarding TPM was to ignore it. Not too long ago a few key engineers from that company decided that a TPM-enabled encrypted vault would be a good place to secure their documents. Somehow they managed to lock themselves out of the encrypted vaults (maybe a forgotten password or lost keys). Had that company not ignored the TPM and instituted a key backup/archive program, the engineers would have been able to recover their confidential documents.

We can blame the engineers, but at the end of the day it was the whole company that lost money and valuable design documents.

saqib
http://security-basics.blogspot.com/