Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tuesday, December 10, 2019 12:05:52 PM MST Przemek Klosowski via devel 
wrote:
> On 12/10/19 1:04 PM, Kevin Kofler wrote:
> 
> > Przemek Klosowski via devel wrote:
> > 
> >> 3) Multiple keys allow creating backup keys, preventing the data loss
> >> scenario Kevin is worried about. Of course this assumes that the UX for
> >> creating backup keys exists, and that people actually do that---but it's
> >> possible in principle.
> > 
> > The backup key is useless in that scenario if you cannot export it to
> > another TPM, and isn't preventing such an export the whole point of the
> > TPM technology?
> 
> 
> Of course, the primary private key cannot be extracted from the original 
> TPM. The easiest key recovery scheme would have two encrypted copies of 
> the media encryption keys, one encrypted with the TPM-secured key and 
> another encrypted with the backup/recovery key that you keep in a 
> separate 'enterprise' key backup system. Here's one paper describing TPM 
> key backup/recovery:
> 
> https://www.infineon.com/dgdl/Infineon-TPM_Key_Backup_and_Recovery-AP-v01_00
> -EN.pdf?fileId=db3a304412b407950112b41656d7203a

To clarify a bit, the most common method of extracting a key from a TPM has 
been to simply desolder the TPM from the system and solder it onto another 
system. This works with the popular implementations.

-- 
John M. Harris, Jr.
Splentity

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux