[Cryptography] Millions of high-security crypto keys crippled by newly discovered flaw

Theodore Ts'o tytso at mit.edu
Tue Oct 17 13:55:57 EDT 2017

On Mon, Oct 16, 2017 at 06:25:18PM -0700, John Gilmore wrote:
> Today's revelation that Infineon "Trusted Platform Module" TPM chips
> produce insecure RSA keys has a bright side.  Those chips were largely
> created for Internet-based DRM schemes.  It means that it should be
> possible to take a public key generated by such a TPM chip, factor it
> to produce the matching private key, and then break the DRM by signing
> or "attesting" to any damn thing the corporate mothership wants to
> hear.

I'm not aware of any DRM schemes which use the TPM's.  That was a
hope, but it turned out to be a support nightmare for general consumer
use.  So Netflix, Hulu, etc., all use embedded keys in applications,
and they do not use TPM technology.

The primary use of TPM's has been limited to a few, highly
sophisticated enterprise use cases for controlling access to their
Intranet.  And it's mostly involved custom software, both on the
client and management end of things.  Some of the enabling changes to
open source software has been contributed back upstream, such as
wpa_supplicant, but not in any coherent way that someone could use it
in a turn-key fashion for securing, say, the internal I/T
infrastructure for a NGO or US political party to protect it from
infiltration by hostile nation-state entities...

> Is this sort of scheme used to force registration of Microsoft OS's,
> perhaps?  Or require that modern x86 tablets can only boot Microsoft
> OS's?  Or secure Blu-Ray drives, maybe?  Howabout that
> turncoat-Tim-Berners-Lee-approved DRM-for-websites that the quislings
> at Mozilla have already secretly rolled out by having "free software"
> Firefox quietly download, install and run a secret proprietary binary
> plugin after you install it?

All or most of what you've listed above doesn't involve TPM's.  For
example, the requirement that some modern x86 tablets can only boot
Microsoft signed OS's (which can include some enterprise Linux distro
kernels, but yes, only on Microsoft's sufferance) is based on UEFI's
Trusted Boot feature, but that doesn't involve use of the TPM on the
client machine.  It's _possible_ that the signing key used to sign the
OS kernels which a locked-down x86 UEFI system is allowed to boot was
generated on a Infineon TPM module, but in general the hardware
signing modules used for these sorts of applications are purpose built
devices, such as this:


... and since the the market for such HSM's includes government/miltary
users that require high levels of FIPS certification, it's unlikely
that the be-as-cheap-as-possible-so-you-dont-inflate-the-BOM-cost
units such as the Infineon chip would get used.  These are specialized
units which cost $$$ so you can afford to use something better than a
TPM chip which is slow has heck and which main feature is that it is
priced out in millicents.

Bottom line, you can probably use the TPM hack to be able to break
into various company's WiFi networks (if KRACK didn't leave the door
wide open anyway).  And it's certainly interesting to look into what
else might be jepordized by the TPM failure.  But the reality is that
TPM's have never been all that widely used, and certainly not in the
DRM arena.


					- Ted

More information about the cryptography mailing list