On 10/15/07, Michael Halcrow <[EMAIL PROTECTED]> wrote:
> On Mon, Oct 15, 2007 at 10:23:22PM +0200, Alon Bar-Lev wrote:
> > This has nothing to do with TSPI... As you need a passphrase to access
> > TSPI, right? And what do you do with this passphrase? Having
> > security credentials without "something you know" somewhat makes the
> > whole idea redundant.
>
> TSPI seals your key to a system state, based on the PCR values of the
> TPM. There is no additional protection of the key (or, more
> accurately, of the ability to use the key) beyond the PCR values
> having to match. The secret key is always locked in the TPM; no matter
> what information is in the user's session keyring, it is useless
> unless the system's PCR values are set correctly.

So I can read the encrypted files at any point in time... I don't see
any benefit in encryption using static keys.

Alon.

_______________________________________________
eCryptfs-devel mailing list
eCryptfs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ecryptfs-devel
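
Added example, not part of the thread and not eCryptfs or TSPI code: a simplified software model of the PCR-bound sealing discussed above, showing that unsealing asks for no passphrase when the PCR values match and is refused when the measured boot state differs. The ToyTPM class, its method names, the keystream cipher, the choice of PCR 0 and PCR 4 and the sample measurements are assumptions made for illustration.

```python
import hashlib, hmac, os

class ToyTPM:
    """Simplified software model of PCR-bound sealing (hypothetical, not TSPI)."""
    def __init__(self):
        self._root = os.urandom(32)    # stand-in for a key that never leaves the chip
        self.reset()
    def reset(self):
        self.pcrs = [bytes(20)] * 24   # PCRs return to zero on every boot
    def extend(self, i, measurement):
        # PCRs cannot be set, only extended: new = SHA1(old || SHA1(measurement))
        self.pcrs[i] = hashlib.sha1(self.pcrs[i] + hashlib.sha1(measurement).digest()).digest()
    def _composite(self, sel):
        return hashlib.sha1(b"".join(bytes([i]) + self.pcrs[i] for i in sel)).digest()
    def _mac(self, *parts):
        framed = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
        return hmac.new(self._root, framed, hashlib.sha256).digest()
    def _xor(self, nonce, data):
        # Toy keystream cipher keyed by the internal root key (illustration only)
        ks = b"".join(self._mac(b"ks", nonce, bytes([n])) for n in range(len(data) // 32 + 1))
        return bytes(a ^ b for a, b in zip(data, ks))
    def seal(self, secret, selection):
        sel, nonce = bytes(sorted(selection)), os.urandom(16)
        bound, ct = self._composite(sel), self._xor(nonce, secret)
        return sel, bound, nonce, ct, self._mac(b"blob", sel, bound, nonce, ct)
    def unseal(self, blob):
        sel, bound, nonce, ct, tag = blob
        if not hmac.compare_digest(tag, self._mac(b"blob", sel, bound, nonce, ct)):
            raise ValueError("blob not sealed by this TPM, or modified")
        if not hmac.compare_digest(bound, self._composite(sel)):
            raise PermissionError("current PCR values do not match the sealed state")
        return self._xor(nonce, ct)    # the only gate was the PCR comparison

def boot(tpm, loader):
    """Reboot and replay constructed measurements into PCR 0 and PCR 4."""
    tpm.reset()
    tpm.extend(0, b"constructed firmware")
    tpm.extend(4, loader)
    return tpm

def demo():
    tpm = boot(ToyTPM(), b"constructed boot loader")
    blob = tpm.seal(b"constructed mount key", {0, 4})
    same = boot(tpm, b"constructed boot loader").unseal(blob)
    try:
        boot(tpm, b"tampered boot loader").unseal(blob)
    except PermissionError as err:
        return same, str(err)
```
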