Originally posted by xfcemint
2: A cipher implementation is only considered secure if it is secure when ONLY the key is private. As soon as implementation details also have to be private, they become in essence a part of the key that is common to all users, an actual security risk. Any nation-state level attacker can X-ray a TPM, count the zeros and ones and draw the schematic, thus reverse engineer every detail of the implementation.
3: Main plus of a TPM on my box would be use as 1/2 of 2FA disk encryption, with key recovery difficult but not impossible for an attacker. Passphrase is other half, but making the encrypted (with the passphrase) LUKS key hard to get reduces the number of attackers capable of even beginning an attack. Probably locks out local and state police departments, probably does not lock out FBI and Secret Service, definitely does not lock out NSA, but all of those still have to try the dictionary attacks etc., and that comes down to how important you are and how many more important machines they have waiting in line for supercomputer time. A quantum computer kills PGP but does NOT kill symmetrical disk encryption or any other symmetrical cipher, just cuts the effective keyspace in half. This is because factoring large primes is not part of the task.
Downside is a closed TPM could be set by its maker to send that key to a remote attacker, running the number of potential attackers back up, and raising the risk of a one-visit attack (e.g. a single raid) scoring after remote preparation. An Evil Maid is a two-visit attack; the first visit has to be covert. There's a lot to be said for never having the board connected to any network it can read or write to without a key stored on the encrypted disk, unless networking is only physically plugged in post-boot. That could be worked around, but would require the makers of a malicious TPM or CPU to expect and prepare for use of that defense.
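The two-factor unlock scheme the post describes (passphrase-wrapped LUKS key kept inside the TPM, so a dictionary attack cannot even start until the TPM blob has been extracted) as an added, self-contained Python example. This is not the poster's code, not cryptsetup, and not the real TPM2 API: `SimulatedTPM` stands in for a chip's seal/unseal with a storage key that never leaves it, the HMAC-SHA256 counter-mode "stream cipher" stands in for AES, and `MASTER_KEY` and the wordlist are constructed sample values.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the LUKS master key (cryptsetup generates the real
# one and keeps it in the kernel keyring; it is never a fixed constant).
MASTER_KEY = bytes(range(32))
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1   # passphrase KDF cost (demo-sized)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode. Demo stream cipher only, not AES-XTS."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _wrap(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def _unwrap(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time, then decrypt. Raises on wrong key."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrong key or tampered blob")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class SimulatedTPM:
    """Hypothetical stand-in for a TPM's seal/unseal. The storage key is
    generated inside the object and has no accessor, mirroring a chip whose
    key can only be recovered by physically attacking the silicon."""

    def __init__(self) -> None:
        self._storage_key = os.urandom(32)

    def seal(self, data: bytes) -> bytes:
        return _wrap(self._storage_key, data)

    def unseal(self, sealed: bytes) -> bytes:
        return _unwrap(self._storage_key, sealed)


def passphrase_key(passphrase: str, salt: bytes) -> bytes:
    """Second factor: memory-hard KDF so each dictionary guess costs real work."""
    return hashlib.scrypt(passphrase.encode(), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)


def enroll(tpm: SimulatedTPM, passphrase: str, master_key: bytes) -> bytes:
    """Wrap the master key under the passphrase, then seal that blob in the TPM.
    Nothing key-related is left on the disk for an offline attacker."""
    salt = os.urandom(16)
    inner = salt + _wrap(passphrase_key(passphrase, salt), master_key)
    return tpm.seal(inner)


def unlock(tpm: SimulatedTPM, passphrase: str, sealed: bytes) -> bytes:
    """Both factors are needed: the TPM unseals, the passphrase unwraps."""
    inner = tpm.unseal(sealed)
    salt, wrapped = inner[:16], inner[16:]
    return _unwrap(passphrase_key(passphrase, salt), wrapped)


def dictionary_attack(inner: bytes, wordlist):
    """Offline guessing. Only meaningful once the attacker has the unsealed
    inner blob, i.e. after defeating the TPM; fed the sealed blob it fails."""
    salt, wrapped = inner[:16], inner[16:]
    for guess in wordlist:
        try:
            return guess, _unwrap(passphrase_key(guess, salt), wrapped)
        except ValueError:
            continue
    return None


if __name__ == "__main__":
    tpm = SimulatedTPM()
    sealed = enroll(tpm, "correct horse", MASTER_KEY)
    print("unlock ok:", unlock(tpm, "correct horse", sealed) == MASTER_KEY)
    print("attack on sealed blob:", dictionary_attack(sealed, ["correct horse"]))
    print("attack after TPM extraction:",
          dictionary_attack(tpm.unseal(sealed), ["password", "correct horse"])[0])
```

The point the example makes concrete is the post's ordering of attacker capability: with only a disk image and the sealed blob the dictionary attack returns nothing, because scrypt guesses are being checked against a blob still encrypted under the TPM storage key; only an attacker who can first unseal (a compliant malicious chip, or the X-ray-and-decap route from point 2) gets to start guessing at all.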