Other uses of TCPA
Mike Rosing
eresrch at eskimo.com
Sat Aug 3 21:44:58 PDT 2002
On Sat, 3 Aug 2002, AARG! Anonymous wrote:
> The TPM public key is called the Endorsement key - this is the key which
> is signed by the manufacturer and which proves that the TPM is a valid
> implementation of TCPA. Here is what section 9.2 of the TCPA spec says
> about it:
>
> : A TPM only has one asymmetric endorsement key pair. Due to the nature of
> : this key pair, both the public and private parts of the key have privacy
> : and security concerns.
> :
> : Exporting the PRIVEK from the TPM must not occur. This is for security
> : reasons. The PRIVEK is a decryption key and never performs any signature
> : operations.
> :
> : Exporting the public PUBEK from the TPM under controlled circumstances
> : is allowable. Access to the PUBEK must be restricted to entities that
> : have a "need to know." This is for privacy reasons.
And in another message:
I said:
=> In other words, the manufacturer has access to all your data because
=> they have the master storage key.
=>
=> Why would everyone want to give one manufacturer that much power?
AARGH! said:
>It's not quite that bad. I mentioned the blinding. What happens is
>that before the master storage key is encrypted, it is XOR'd with a
>random value, which is also output by the TPM along with the encrypted
>recovery blob. You save them both, but only the encrypted blob gets
>sent to the manufacturer. So when the manufacturer decrypts the data,
>he doesn't learn your secrets.
>
>The system is cumbersome, but not an obvious security leak.
Who owns PRIVEK? Who controls PRIVEK? That's who owns TCPA.
And then there was this comment in yet another message:
>In addition, we assume that programs are able to run "unmolested";
>that is, that other software and even the user cannot peek into the
>program's memory and manipulate it or learn its secrets. Palladium has
>a feature called "trusted space" which is supposed to be some special
>memory that is immune from being compromised. We also assume that
>all data sent between computers is encrypted using something like SSL,
>with the secret keys being held securely by the client software (hence
>unavailable to anyone else, including the users).
Just how "immune" is this program space? Does the operator/owner of
the machine control it, or does the owner of PRIVEK control it? So
the owner of PRIVEK can send a trojan into my machine and take it over
anytime they want. Cool, kind of like the movie "Colossus" where a
super computer takes over the world.
The more I learn about TCPA, the more I don't like it.
Patience, persistence, truth,
Dr. mike
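The blinding step described in the quoted text above, as an added sketch that is not part of the original message or of the TCPA spec. It models only the XOR with a random value (the encryption of the blob for the manufacturer is left out); the function names and sample keys are assumptions made for illustration.

```python
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length strings."""
    if len(a) != len(b):
        raise ValueError("operands must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def tpm_blind(storage_key: bytes) -> tuple:
    """TPM side (hypothetical name): pick a fresh random value r and return
    (storage_key XOR r, r). Only the first element would go into the blob
    encrypted for the manufacturer; r is handed to the owner."""
    r = secrets.token_bytes(len(storage_key))
    return xor(storage_key, r), r

def owner_unblind(blinded: bytes, r: bytes) -> bytes:
    """Owner side: the decrypted blob plus the saved r gives the key back."""
    return xor(blinded, r)

def manufacturer_views(key_byte: int) -> list:
    """Every value the manufacturer could see for a one-byte key, over all
    256 equally likely choices of r."""
    return sorted(key_byte ^ r for r in range(256))

def reused_pad_leak(blinded_a: bytes, blinded_b: bytes) -> bytes:
    """If the same r blinded two keys, XORing the two views cancels r and
    leaves key_a XOR key_b, so r must be fresh for every blob."""
    return xor(blinded_a, blinded_b)

if __name__ == "__main__":
    key = secrets.token_bytes(20)  # constructed stand-in for the storage key
    blinded, r = tpm_blind(key)
    print("owner recovers key:", owner_unblind(blinded, r) == key)
    # Two different keys give the manufacturer the same set of possible views.
    print("views independent of key:",
          manufacturer_views(0x00) == manufacturer_views(0xA5))
    k1, k2 = b"constructed-key-1", b"constructed-key-2"
    pad = secrets.token_bytes(len(k1))
    print("pad reuse leaks k1^k2:",
          reused_pad_leak(xor(k1, pad), xor(k2, pad)) == xor(k1, k2))
```

The hiding property holds only while r is uniformly random, used once, and never reaches the party that decrypts the blob.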
More information about the cypherpunks-legacy
mailing list