Hi,
On 13/01/21 19:29, Илья Шипицин wrote:
ср, 13 янв. 2021 г. в 22:01, Jan Just Keijser <janj...@nikhef.nl
<mailto:janj...@nikhef.nl>>:
Hi,
On 13/01/21 17:20, Илья Шипицин wrote:
> Hello,
>
> if user save password, it might be stolen from well known location
> (there are popular password stealers).
>
> in theory, is it possible to keep password in tpm ? will it prevent
> password from being stolen ?
>
in theory, yes, but as always, it depends on the circumstances.
With TPM 1.2 you can only store a very limited amount of data in
the TPM
chip; the (open source) implementation I have seen (tss, trousers)
store
I meant openvpn-gui + user/password authentication + password is kept
in registry encrypted by data protection api (not clear text, but
might be decrypted and stolen easily).
trousers is linux, right ?
ah yes, indeed, trousers is Linux; I guess I defaulted to Open source
software for an open source VPN ;)
As for storing any old password in a TPM: yes that seems possible in
Windows 10 (with the right TPM support, I presume). For example, this
https://superuser.com/questions/1527685/how-to-remove-webauthn-credentials-from-onboard-tpm-on-win10-device?rq=1
posts that someone wants to *get rid* of edge/chrome authn details
stored in the TPM.
Could be that support for this is also present in chromium, which means
you should be able to find the source code that does this.
HTH,
JJK
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel