Written by Auzy the 6 Sep 08 at 23:52.
Category: Security.
Related project:
Nothing/Others.
Status: New
Rationale
TPM chips are a way of storing private encryption keys on a chip where they cannot be stolen by hackers. The problem with hard-disk storage of keys is that hackers simply need to copy the key off.
We could support them in places such as the keychain so that the keychain cannot be decrypted from any computer other than the one you are on. It could also potentially be used for SSH servers, or for HTTPS websites, for signing (and storing the key securely to eliminate MITM attacks later on).
There are many cases where we could greatly increase security by storing our keys in a more secure fashion, because as of now, with root access, servers' keys become compromised, but that can be avoided via TCPA.
Description is getting too long, but I would like to say here that TCPA has gotten a bit of a bad rap, because it's used a lot by DRM; however, it's also a VERY secure way of storing private keys, and we should be using it to store all of our keys if possible.
It's got nothing to do with DRM or Palladium in reality, it just helps with such goals. But it's a damned excellent way of improving security too.
"Trusted computing", or rather treacherous computing, is another method of taking power and freedom away from the user and putting it into the hands of unknown outsiders.
TCPA got a bad rap because of idiots in the media, and the idiot Linux crowd who didn't understand it.
The idea behind the TCPA chip is that you can put a key in there, and not extract it. So if your computer is compromised, they CANNOT steal your private key for encryption (because the chip encrypts it too). So this means if I get hacked, my SSL certificate stays secure (and will only ever come from that computer), and it also means my private key for SSH won't be compromised.
Think of TCPA as a write-only encryption chip. It wasn't designed to lock users out, and it's not about taking freedom or power away or any of that f***ing bullshit. It's for security.
Microsoft, for instance, isn't using it to lock users out, but for their drive encryption. Get your facts straight!!!!
Yeah, but cold booting attacks would also work equally on non-TCPA systems then. With physical access you can do anything.
The question is, can TCPA protect keys against hackers who don't have physical access to the system, to a much greater extent than without? With physical access to the system they could compromise the machine anyway with other methods.