New DoD encryption mandate
Ali, Saqib
docbook.xml at gmail.com
Sat Aug 18 22:09:39 EDT 2007
On 8/17/07, Ivan Krstic <krstic at solarsail.hcs.harvard.edu> wrote:
> How so? If your computer goes bad, you need a *backup*. That's
> entirely orthogonal to the drive encryption problem.
One of the functions provided by the TPM is to wrap/bind and store the
bulk encryption keys. Now let's us say the mother board or the TPM
goes bad on your notebook or you simply want to upgrade the computer.
You need to be able to restore+transfer the information stored in the
TPM to your new computer. This is where you need TPM management suite
that support key backup/restore and transfer.
A large company's (name withheld) strategy regarding TPM was to ignore
it. Not too long ago few key engineers from that company decided that
a TPM enabled encrypted vault would be good place to secure their
documents. Somehow they managed to lock themselves out of the
encrypted vaults (maybe forgotten password / or lost keys). Had that
company not ignored the TPM and instituted a key backup/archive
program, the engineers would have been able to recover their
confidential documents. We can blame the engineers, but at the end of
the day it was the whole company that lost money and valuable design
documents.
saqib
http://security-basics.blogspot.com/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list