New Trusted HW Standard For Windows 8 To Support Chinese Crypto
An anonymous reader writes "A new version of the Trusted Platform Module, called TPM2 or TPM 2.0 by Microsoft, has apparently been designed specifically for the release of Windows 8 this week. The details of this new standard have been kept secret. But a major update to the original TPM standard, which came out 10 years ago, seems to have been very quietly released on the Trusted Computing web site (FAQ) earlier this month. Following in the footsteps of the original, this version is quite a challenging read (security through incomprehensibility?). But this new version also seems to support some controversial crypto algorithms that were made public by the 'State Encryption Management Bureau' of China for the first time about 2 years ago. This is roughly the time that Microsoft seems to have begun working in earnest on TPM2, Windows 8, and probably even Surface. But that's probably just a coincidence. This crypto is controversial because of serious EU concerns with domestic restrictions on the implementation, use, and importation of cryptography in China."
Re:Good crypto is born secret, even in the US (Score:0, Interesting)
Is this a joke? You're effectively advocating Security through Obscurity, which is a laughable concept.
Most real encryption techniques are based on something that's in theory publicly knowable but mathematically difficult (as in, hard enough to compute given $$$ processing power that you won't be able to do it in your lifetime). Algorithms that don't fit the bill (because processing technology has gotten better or because they're flawed) are replaced over time by algorithms and key sizes that again fit the bill. The most widely used and secure encryption techniques require no secrecy (except, of course, that you keep your private key secret).
The most interesting part (Score:3, Interesting)
From the FAQ: "TPM 2.0 is intended to be usable for a very broad range of platforms from embedded systems to mobile devices to PCs to servers." In other words, TCG is not dead but actively pushing TPMs to new platforms.
A use case: in case of theft, the permanent storage of your device can be protected against reading the flash memory (of course, assuming your device is locked in the first place) in the same fashion as Bitlocker works on PCs. The secret key with which your corporate data is encrypted can be stored in the TPM bound to a password and/or PCRs. (Assuming, of course, that the TPM itself is not hacked using physical attacks (DPA, etc.). But at least, it raises the bar for the average thief.)
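An added illustration of the use case in the comment above (not part of the original thread, and not any TPM vendor's code): a toy software model in which a key is released only when the PCR value and the password both match what was recorded at seal time. `ToyTPM`, the `disk-key` handle and the boot-chain strings are constructed for this example; a real TPM enforces the check inside the chip.

```python
import hashlib, hmac, os

def extend(pcr: bytes, component: bytes) -> bytes:
    """PCR extend: new = SHA-256(old || SHA-256(component)); a PCR is never written directly."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

class ToyTPM:
    """Hypothetical software model only; real TPMs keep sealed data in protected hardware."""
    def __init__(self):
        self.pcr = bytes(32)   # PCRs start at all zeros after a reset
        self._sealed = {}      # handle -> (secret, pcr_at_seal, salt, pw_hash)

    def boot(self, chain):
        """Reset the PCR and measure each boot component in order."""
        self.pcr = bytes(32)
        for component in chain:
            self.pcr = extend(self.pcr, component)

    @staticmethod
    def _pw_hash(password: bytes, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)

    def seal(self, handle: str, secret: bytes, password: bytes):
        """Bind the secret to the current PCR value and to the password."""
        salt = os.urandom(16)
        self._sealed[handle] = (secret, self.pcr, salt, self._pw_hash(password, salt))

    def unseal(self, handle: str, password: bytes):
        """Release the secret only if both the PCR and the password match."""
        secret, pcr_at_seal, salt, pw_hash = self._sealed[handle]
        pcr_ok = hmac.compare_digest(self.pcr, pcr_at_seal)
        pw_ok = hmac.compare_digest(self._pw_hash(password, salt), pw_hash)
        return secret if (pcr_ok and pw_ok) else None

# Constructed stand-ins for firmware, bootloader and kernel images.
GOOD = [b"firmware-v1", b"bootloader-v1", b"kernel-v1"]
TAMPERED = [b"firmware-v1", b"bootloader-modified", b"kernel-v1"]

def demo():
    tpm = ToyTPM()
    tpm.boot(GOOD)
    tpm.seal("disk-key", b"constructed-volume-key", b"correct horse")
    results = {"same_boot": tpm.unseal("disk-key", b"correct horse")}
    results["wrong_password"] = tpm.unseal("disk-key", b"guess")
    tpm.boot(TAMPERED)   # a changed bootloader yields a different PCR value
    results["tampered_boot"] = tpm.unseal("disk-key", b"correct horse")
    tpm.boot(GOOD)       # restoring the measured chain restores access
    results["good_boot_again"] = tpm.unseal("disk-key", b"correct horse")
    return results
```

Because each extend hashes the previous PCR value, changing or reordering any measured component changes the final value, so the sealed key stays locked on a modified boot chain even with the correct password.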
Re:Good crypto is born secret, even in the US (Score:3, Interesting)
The algorithm is intentionally obscure to waste processing time as to make brute forcing it impractical.
The private key (the input to the algorithm) is obscure. The algorithm is typically public. The most widely used ones (like AES) are quite public.
You don't know what you're talking about.
Re:TPM Of Evil (Score:4, Interesting)
Trusted computing has a needlessly bad rap because of kneejerk reactions like this one. In fact it's a flexible and general tool that can be used for many purposes.
Because I'm lazy, I'll just copy and paste a comment I made in another thread about TPM.
Ever since TPM was created, we're always just a few bits and bytes away from having it leveraged against us, by them.
And by "us" I mean "the computer users."
By "them" I mean "the hardware manufacturers and software/media companies."
Example: The newest motherboards don't *need* the ability to disable trusted boot. Heck, it'd have been easier to not include it!
We're more or less at the mercy of a small number of companies and their design decisions.