How do you know? (Score 1)
Interesting. So you would prefer to let an undocumented state-machine PRNG, seeded in an undocumented way from the TPM's NVRAM and (allegedly) randomized with additional entropy input, generate your keys?
I can only imagine you did not read the TPM specs. Some excerpts:
'Reporting of Integrity Metrics' of the TPM:
The corresponding public key (of a key pair)
is an identity key, since it is a cryptographic value by which the TPM is known.
And here's the argument for using a state machine with an appended SHA-1 pseudo-RNG instead of a true RNG:
This architecture is chosen to provide a good source of randomness data without requiring that the TPM include a genuine source of unpredictable data (which may be expensive).
So they've chosen a 'good' random source instead of the 'best possible' random source to (maybe) reduce production costs. IMHO this is misleading information. A P-N junction noise source costs next to nothing.
Draw your conclusions.
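As an added illustration of the point the comment is making (this is constructed example code, not the TPM specification's algorithm, the commenter's code, or any real TPM firmware): a toy hash-chain state-machine PRNG in Python. The class name, the SHA-1 state update and the "out" domain separator are all assumptions made for the model. It shows why the seeding and entropy-mixing behaviour of such a design matters: two instances started from the same state and never mixed with fresh entropy produce identical output, so the key material is only as unpredictable as the seed and the entropy that is actually mixed in.

```python
import hashlib


class HashStatePRNG:
    """Toy model of a state-machine PRNG (constructed for illustration, not
    the TPM spec's design): a fixed-size internal state advanced with SHA-1,
    with an optional mix-in of external entropy."""

    def __init__(self, seed: bytes) -> None:
        # The whole future output is a function of this initial state.
        self.state = hashlib.sha1(seed).digest()

    def mix_entropy(self, entropy: bytes) -> None:
        # Fold fresh entropy into the state; without calls to this method the
        # generator is fully deterministic.
        self.state = hashlib.sha1(self.state + entropy).digest()

    def next_bytes(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            # Advance the state machine, then derive output from the new state.
            self.state = hashlib.sha1(self.state).digest()
            out += hashlib.sha1(b"out" + self.state).digest()
        return out[:n]


def streams_match(seed: bytes, n: int = 32) -> bool:
    """True if two generators with the same seed and no entropy input agree."""
    a, b = HashStatePRNG(seed), HashStatePRNG(seed)
    return a.next_bytes(n) == b.next_bytes(n)


def streams_match_with_entropy(seed: bytes, ent_a: bytes, ent_b: bytes,
                               n: int = 32) -> bool:
    """True if two same-seed generators still agree after each mixes in its
    own entropy; they diverge exactly when the mixed-in entropy differs."""
    a, b = HashStatePRNG(seed), HashStatePRNG(seed)
    a.mix_entropy(ent_a)
    b.mix_entropy(ent_b)
    return a.next_bytes(n) == b.next_bytes(n)


if __name__ == "__main__":
    # Constructed seed value standing in for whatever NVRAM holds.
    seed = b"constructed-nvram-seed"
    print("same seed, no entropy   ->", streams_match(seed))
    print("same seed, same entropy ->",
          streams_match_with_entropy(seed, b"tick", b"tick"))
    print("same seed, diff entropy ->",
          streams_match_with_entropy(seed, b"tick", b"tock"))
```

The design lesson for anyone evaluating such a generator is that the output-derivation step does nothing for unpredictability; only the seed and the entropy genuinely mixed in do, which is why a documented seeding procedure and a real noise source (rather than a cost-saving hash chain) are what a reviewer should ask for.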