[go: up one dir, main page]
|
|
Log in / Subscribe / Register

Secure key handling using the TPM

Secure key handling using the TPM

Posted Oct 19, 2018 7:54 UTC (Fri) by jgg (subscriber, #55211)
In reply to: Secure key handling using the TPM by mjg59
Parent article: Secure key handling using the TPM

It isn't taking the disc that worries people, it is copying it.

If I borrow your computer, disassemble it, clone the disk, then put it back, you have no idea it was stolen and I can access your data as soon as I observe the passphrase through some means.

With the TPM even if I do all of these steps I can't decrypt the copy of the drive as I need the physical TPM as well.

Of course if I steal the entire computer then more options are possible, but at least you'll know the computer was stolen and can take counter-mesaures, ie re-keying online accounts, etc.

to post comments

Secure key handling using the TPM

Posted Oct 19, 2018 8:42 UTC (Fri) by mjg59 (subscriber, #23239) [Link] (2 responses)

So the threat model is one where I have physical access to your computer before I know your passphrase, but don't afterwards?

Secure key handling using the TPM

Posted Oct 19, 2018 15:44 UTC (Fri) by jejb (subscriber, #6654) [Link] (1 responses)

A couple of observations on this argument:

Firstly neither system protects the case where the attacker got the passphrase by looking over your shoulder and then runs off with your laptop because even in the bitlocker case the measurements won't change when the attacker unlocks.

Secondly, I think there is value to having the TPM dictionary attack protections against brute forcing the password. I don't buy the argon2id brute forcing argument because most people do have insecure passphrases which a dictionary attack will eventually crack given enough compute power. I also don't buy the idea that training people not to use memorable words is the way forward because then they tend to write them down (especially if you force them to change their unmemorable passphrase every couple of months), so TPM DA protections do give benefits in the average user case where they're using a memorable word as the passphrase.

Plus simply placing the decryption key in the TPM is a big step towards implementing policy based protections around it, so it would be a good first step to take regardless of any additional security benefits.

Secure key handling using the TPM

Posted Oct 20, 2018 12:58 UTC (Sat) by mjg59 (subscriber, #23239) [Link]

argon2id is sufficiently RAM intensive that you're going to need to throw significant resources at it even if the user is using a low entropy password. If the user's using a high entropy password then it's effectively unbreakable, whereas a TPM is, well, not. I definitely think there's value in using TPMs, but for this kind of thing I think there's more value in trying to reduce PCR fragility and using them as a way of improving user experience.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds