On Mon, 8 May 2006, Michael Halcrow wrote:
>> So it saves us from an attacker who has the ciphertext *and* access
>> to one of the machines, but who can't login as me or otherwise
>> convince the OS to ask the TPM for the key

> You have the basic idea.

Okay, so for that threat, the TPM's protection is useless if the OS doesn't bother to authenticate me, so I'm going to have to authenticate somehow, via a passphrase or token of some sort. But then why not just use PGP to keep the keys for my ciphertext encrypted against a similar passphrase or token? So, the encrypted keys for my USB drive are on my machine (and any other machines I need to access the disk from), so you have nothing to brute force passphrases against without access to one of the authorized machines.
Correct?



>> Are there any other attacks it prevents?

> Most of the uses that I am interested in have to do with machines in a
> corporate environment. Remote attestation generally leaves a bad taste
> in my mouth, but I can think of a few cases where I might be willing
> to make that tradeoff. For instance, I might not complain about a

Yeah, remote attestation freaks me out too. So that's my main goal in all of this inquiry -- /apart/ from remote attestation, is there any reason I'd want a TPM?

(In fact, I'm tempted to jump into the attestation debate and make some points about banks and game consoles, but it seems to me that the debate always ends up getting mired down there, and nobody gets around to considering the claims that this stuff is going to improve my life in other ways.)

                                                        -J

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
