TPM & disk crypto
James A. Donald
jamesd at echeque.com
Mon Oct 9 06:03:40 EDT 2006
Erik Tews wrote:
> What you do is, you trust your TPM and your BIOS that they never lie to
> you, because they are certified by the manufacturer of the system and the
> TPM. (This is why it is called trusted computing)
>
> So if you don't trust your hardware and your manufacturer, trusted
> computing is absolutely worthless for you. But if you trust a
> manufacturer, the manufacturer trusts the TPMs he has built and embedded in
> some systems, and you don't trust a user that he did not boot a modified
> version of your operating system, you can use these components to find
> out if the user is lying.
Well obviously I trust myself, and do not trust anyone else all that
much, so if I am the user, what good is trusted computing?

One use is that I can know that my operating system has not changed
behind the scenes, perhaps by a rootkit, know that not only have I not
changed the operating system, but no one else has changed the operating
system.

Further, I can know that a known program on a known operating system has
not been changed by a trojan.

So if I have a login and banking client program, which communicates to
me over a trusted path, I can know that the client is the unchanged
client running on the unchanged operating system, and has not been
modified or intercepted by some trojan.

Further, the bank can know this, and can just not let me login if there
is something funny about the client program or the OS.
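The check discussed in this message, where a verifier such as the bank refuses a login when the client or OS has changed, sketched as an added example (not part of the original post and not any TPM vendor's code). It models TPM 1.2 style PCR extension with SHA-1; the HMAC under a shared key is an assumed stand-in for the TPM's signed quote, and the component names, key and nonces are constructed.

```python
import hashlib
import hmac

PCR_SIZE = 20  # SHA-1 digest length, the PCR width in TPM 1.2

# Constructed sample boot chains (not real binaries).
KNOWN_GOOD = [b"bootloader v1", b"kernel v1", b"banking client v1"]
TAMPERED = [b"bootloader v1", b"kernel v1 + rootkit", b"banking client v1"]

def extend(pcr: bytes, component: bytes) -> bytes:
    """PCR extend: new = SHA1(old || SHA1(component)). There is no 'set'."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()

def measure_chain(components) -> bytes:
    """Fold an ordered boot chain into one PCR value, starting from zeros."""
    pcr = bytes(PCR_SIZE)
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr

def quote(key: bytes, pcr: bytes, nonce: bytes) -> bytes:
    """Stand-in for a TPM quote: authenticates (nonce, PCR) with a key
    that, by assumption, only the TPM and the verifier hold."""
    return hmac.new(key, nonce + pcr, hashlib.sha256).digest()

def attest(components, key: bytes, nonce: bytes):
    """Client side: the TPM reports the PCR it actually accumulated."""
    pcr = measure_chain(components)
    return pcr, quote(key, pcr, nonce)

def verify(key, expected_pcr, nonce, reported_pcr, tag) -> bool:
    """Verifier side: quote must be authentic for this nonce, and the
    reported PCR must equal the value computed from known-good software."""
    authentic = hmac.compare_digest(tag, quote(key, reported_pcr, nonce))
    return authentic and hmac.compare_digest(reported_pcr, expected_pcr)

if __name__ == "__main__":
    key, nonce = b"constructed-demo-key", b"constructed-nonce-1"
    expected = measure_chain(KNOWN_GOOD)
    for name, chain in (("known good", KNOWN_GOOD), ("tampered", TAMPERED)):
        pcr, tag = attest(chain, key, nonce)
        print(name, pcr.hex(), "accepted:", verify(key, expected, nonce, pcr, tag))
```

Because software can only extend a PCR and never set it, a modified kernel cannot steer the register back to the expected value, and it cannot claim the expected value without a quote that covers it.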
---------------------------------------------------------------------
The Cryptography Mailing List