On 3/16/2013 8:11 PM, Jan Just Keijser wrote:
> thanks for the response. I want to use the TPM as a PKCS#11 device; the
> instructions on the trousers site state that the SRK password needs to
> be empty for that. It indeed does work with an empty SRK password.
> However, how does this safeguard me when my laptop is stolen? if the SRK
> password always needs to be empty for pkcs#11 use then it's effectively
> a non-password. The thief would need to break my pkcs#11 password, but
> {s}he basically can do a brute-force attack, as the SRK password is known.
> The openssl_tpm_engine does seem to allow different SRK passwords, so
> that's one step closer, but ideally I would like the key to be in the
> chip itself - it also would safeguard me from hard disk crashes (and bad
> backup policies).
> What I'd like best is to use one of the (three) free slots on the TPM to
> store my RSA key; that way I am certain that when my laptop is stolen
> that the key information is "safe" inside the TPM chip itself (which
> does have dictionary attack counter measures).

I don't understand the attack.  A well-known SRK password merely allows 
anyone to load your key if the laptop is stolen.  It doesn't permit 
anyone to use the key without its password.

The attacker can't easily do a brute force attack on your key because 
it's only in the clear inside the TPM, and the TPM has anti-hammering 
protection.

Some TPMs have 'owner evict' key slots, keys that can be loaded and 
moved to NV space.  However, the key isn't any safer there than on the 
disk.  Its main use case is provisioning in a software environment that 
may not have other storage, like disk.
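The authorization split the reply describes, as an added toy model (not TrouSerS or TPM code): a wrapped key blob on disk is loadable by anyone who knows the parent's auth, but using it requires the key's own usage auth, and wrong guesses feed the chip's dictionary-attack counter. The 20-zero-byte well-known SRK secret and SHA-1 auth values follow TSS 1.2 conventions; the lockout threshold, the key material and the guess list are constructed.

```python
import hashlib, hmac
from dataclasses import dataclass
from typing import Dict, List, Optional
WELL_KNOWN_SRK_AUTH = bytes(20)  # TrouSerS' TSS_WELL_KNOWN_SECRET: the "empty" SRK password
LOCKOUT_AFTER = 5  # constructed threshold; real chips use vendor-specific back-off schedules

def authval(password: str) -> bytes:
    """TSS 1.2 turns a plain secret into a 20-byte auth value by SHA-1 hashing it."""
    return hashlib.sha1(password.encode()).digest()

@dataclass
class KeyBlob:
    """Wrapped key as stored on disk: parent (SRK) auth gates loading, usage auth gates use."""
    parent_auth: bytes
    usage_auth: bytes
    private_material: bytes  # only ever in the clear inside the (toy) chip

class ToyTpm:
    def __init__(self) -> None:
        self.loaded: Dict[int, KeyBlob] = {}
        self.failures = 0
        self.locked = False
    def load_key(self, blob: KeyBlob, parent_auth: bytes) -> Optional[int]:
        """Loading needs only the parent's auth, so a well-known SRK auth lets anyone load."""
        if not hmac.compare_digest(blob.parent_auth, parent_auth):
            return None
        self.loaded[len(self.loaded) + 1] = blob
        return len(self.loaded)
    def sign(self, handle: int, usage_auth: bytes, msg: bytes) -> Optional[bytes]:
        """Using the key needs its own usage auth; each failure feeds the anti-hammering counter."""
        if self.locked:
            raise PermissionError("TPM in dictionary-attack lockout")
        blob = self.loaded[handle]
        if not hmac.compare_digest(blob.usage_auth, usage_auth):
            self.failures += 1
            self.locked = self.failures >= LOCKOUT_AFTER
            return None
        self.failures = 0
        return hmac.new(blob.private_material, msg, hashlib.sha256).digest()

def stolen_laptop_scenario(blob: KeyBlob, guesses: List[str]) -> dict:
    """Thief holds the disk blob and the public SRK auth, but not the key's usage password."""
    tpm = ToyTpm()
    handle = tpm.load_key(blob, WELL_KNOWN_SRK_AUTH)  # succeeds: nothing secret is needed here
    tried = 0
    for tried, g in enumerate(guesses, 1):
        if tpm.sign(handle, authval(g), b"msg") is not None:
            return {"loaded": True, "compromised": True, "locked": False, "tried": tried}
        if tpm.locked:  # counter tripped: further attempts are refused by the chip
            break
    return {"loaded": handle is not None, "compromised": False, "locked": tpm.locked, "tried": tried}
```

The model also shows why moving the blob into the chip's NV space would change nothing here: the property that matters is the usage auth plus the lockout, not where the wrapped blob is stored.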



_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users