
Comment How do you know? (Score 1) 442

Instead of running ssh-keygen I run a client program and tell the chip to generate my keys.

Interesting. So you would prefer to let an undocumented state-machine PRNG, seeded in an undocumented way from the TPM's NVRAM and (allegedly) randomized with additional entropy input, generate your keys?

I can only imagine you did not read the TPM specs. Some excerpts:
'Reporting of Integrity Metrics' of the TPM:
...
The corresponding public key (of a key pair) is an identity key, since it is a cryptographic value by which the TPM is known.
...

And here's the argument for using a state machine with an appended SHA1 pseudo-RNG instead of a true RNG:
This architecture is chosen to provide a good source of randomness data without requiring that the TPM include a genuine source of unpredictable data (which may be expensive).
So they've chosen a 'good' random source instead of the 'best possible' random source to (maybe) reduce production costs. IMHO this is misleading information. A P-N junction noise source costs next to nothing.

Draw your conclusions.
