[Cryptography] TPM and SHA-1

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Mar 1 19:28:33 EST 2017


Perry E. Metzger <perry at piermont.com> writes:

>TPM 1.2 specified SHA-1, but I noted in some documentation that TPM 2.0 seems
>to still have SHA-1 in addition to SHA-256 as an accepted algorithm. Is this
>the case? Does this mean that breaks to SHA-1 potentially can be used against
>TPM 2.0 as well?

You're asking the wrong question.  It's not "will a SHA-1 break affect TPM
2.0" it's "will the current break affect TPM version anything?" (no), and
"will a more standard collision attack affect TPM version anything?", which is
a bit more complex.  The most common use of TPMs is just key storage
(Bitlocker etc), for which SHA-1 problems are irrelevant.  Then there's
attestation, which is... how lost in the noise floor is usage of that?  I'm
assuming someone must be using it for something, but is it used anywhere where
it's worth attacking?  And given the way SHA-1 is used for attestation, is
there a feasible attack?

Peter.
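To make "the way SHA-1 is used for attestation" concrete, here is an added example (not part of the post) that models the PCR extend construction behind TPM quotes: a PCR starts as all-zero bytes and each measured component updates it as PCR_new = H(PCR_old || digest(component)), and TPM 2.0 keeps a separate PCR bank per hash algorithm, so a verifier can require the SHA-256 bank. The boot log entries, the bank names and the verifier policy are constructed assumptions for illustration.

```python
import hashlib

# Assumed model of a TPM PCR (simplified): initial value is all-zero bytes of
# the digest length; each extend hashes the old PCR concatenated with the
# digest of the measured component.  Verifiers recompute this chain from the
# event log and compare it with the value in the signed quote.

def extend_chain(measurements: list[bytes], alg: str) -> bytes:
    """Replay a list of measured components into one PCR bank."""
    pcr = b"\x00" * hashlib.new(alg).digest_size
    for component in measurements:
        component_digest = hashlib.new(alg, component).digest()
        pcr = hashlib.new(alg, pcr + component_digest).digest()
    return pcr


def quote_banks(measurements: list[bytes], algs=("sha1", "sha256")) -> dict:
    """TPM 2.0 keeps one PCR bank per supported hash; return the same
    measurements replayed into each bank, as a quote would report them."""
    return {alg: extend_chain(measurements, alg) for alg in algs}


def verify_quote(quote: dict, expected: list[bytes], required_alg="sha256") -> bool:
    """Verifier policy: only trust the bank the policy names.  A quote that
    lacks that bank (e.g. a SHA-1-only device) is rejected rather than
    falling back to a weaker bank."""
    if required_alg not in quote:
        return False
    return quote[required_alg] == extend_chain(expected, required_alg)


# Constructed sample boot log (not real firmware measurements).
BOOT_LOG = [b"firmware-v1", b"bootloader-v3", b"kernel-5.10"]
TAMPERED_LOG = [b"firmware-v1", b"bootloader-modified", b"kernel-5.10"]

if __name__ == "__main__":
    quote = quote_banks(BOOT_LOG)
    for alg, value in quote.items():
        print(f"{alg:6s} {value.hex()}")
    print("expected log verifies:", verify_quote(quote, BOOT_LOG))
    print("tampered log verifies:", verify_quote(quote_banks(TAMPERED_LOG), BOOT_LOG))
    print("sha1-only quote accepted:", verify_quote({"sha1": quote["sha1"]}, BOOT_LOG))
```

Because every extend feeds the running PCR value back in as a prefix, the chain is order-sensitive, and the only attacker-influenced input at each step is a component digest; which bank the verifier insists on decides how much a SHA-1 weakness matters to that deployment.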
