Ken Goldman wrote:
On 3/16/2013 8:11 PM, Jan Just Keijser wrote:
thanks for the response. I want to use the TPM as a PKCS#11 device; the
instructions on the trousers site state that the SRK password needs to
be empty for that. It indeed does work witn an empty SRK password .
However, how does this safeguard me when my laptop is stolen? if the SRK
password always needs to be empty for pkcs#11 use then it's effectively
a non-password. The thief would need to break my pkcs#11 password, but
{s}he basically can do a brute-force attack, as the SRK password is known.
The openssl_tpm_engine does seem to allow different \SRK passwords, so
that's one step closer, but ideally I would like the key to be in the
chip itself - it also would safeguard me from hard disk crashes (and bad
backup policies).
What I'd like best is to use one of the (three) free slots on the TPM to
store my RSA key; that way I am certain that when my laptop is stolen
that the key information is "safe" inside the TPM chip itself (which
does have dictionary attack counter measures).
I don't understand the attack. A well-known SRK password merely allows
anyone to load your key if the laptop is stolen. It doesn't permit
anyone to use the key without its password
The attacker can't easily do a brute force attack on your key because
it's only in the clear inside the TPM, and the TPM has anti-hammering
protection.
Some TPM's have 'owner evict' key slots, keys that can be loaded and
moved to NV space. However, the key isn't any safer there than on the
disk. It's main use case is provisioning in a software environment that
may not have other storage, like disk.
perhaps I do not understand how TPM encryption works: what I want to
protect is a RSA 2048bit key (coupled to an X509 cert). With a hardware
token, the key is moved "onto" the hardware token and if an attacker
tries to sign data with the key then after N attempts the token blocks.
If I understand it correctly, with the current TPM-pkcs11 setup the keys
are stored on disk, but encrypted by the TPM itself. The TPM is accessed
via the SRK key, which has to be set to a well defined value for
opencryptoki. The keys are furthermore encrypted by the pkcs11 PIN,
which is not stored on the TPM itself. Is that correct? Or is the pkcs11
PIN (and SO-PIN) also stored on the TPM chip? if so, where and how?
If my understanding is correct I could foresee the following attack: a
thief steals my laptop and could do a brute force attack on the pkcs11
PIN to recover my key. The TPM would not lock up , as the SRK key is
known and used. As soon as the pkcs11 PIN is broken the thief can use
the RSA key stored in the pkcs11 device to forge my identity.
What am I missing?
thanks,
JJK
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users
