Secure key handling using the TPM

Posted Oct 19, 2018 15:44 UTC (Fri) by jejb (subscriber, #6654)
In reply to: Secure key handling using the TPM by mjg59
Parent article: Secure key handling using the TPM

A couple of observations on this argument:

Firstly neither system protects the case where the attacker got the passphrase by looking over your shoulder and then runs off with your laptop because even in the bitlocker case the measurements won't change when the attacker unlocks.

Secondly, I think there is value to having the TPM dictionary attack protections against brute forcing the password. I don't buy the argon2id brute forcing argument because most people do have insecure passphrases which a dictionary attack will eventually crack given enough compute power. I also don't buy the idea that training people not to use memorable words is the way forward because then they tend to write them down (especially if you force them to change their unmemorable passphrase every couple of months), so TPM DA protections do give benefits in the average user case where they're using a memorable word as the passphrase.

Plus simply placing the decryption key in the TPM is a big step towards implementing policy based protections around it, so it would be a good first step to take regardless of any additional security benefits.

Secure key handling using the TPM

Posted Oct 20, 2018 12:58 UTC (Sat) by mjg59 (subscriber, #23239) [Link]

argon2id is sufficiently RAM intensive that you're going to need to throw significant resources at it even if the user is using a low entropy password. If the user's using a high entropy password then it's effectively unbreakable, whereas a TPM is, well, not. I definitely think there's value in using TPMs, but for this kind of thing I think there's more value in trying to reduce PCR fragility and using them as a way of improving user experience.