Some of the biggest tech giants in the industry are warning customers of a very serious vulnerability affecting TPM chips produced by Infineon Technologies. The vulnerability itself is created by a flaw in the Trusted Platform Module (TPM), which is designed to protect cryptographic devices within integrated hardware. Protections provided by the TPM include : encrypted key storage, certificates, sensitive data, disk encryption, passwords, authentication tokens, S-MIME/PGP email encryption, and more. TPM provides these protections on the hardware level.
Trusted Platform Module? More like Trusted Backdoor Module. Aka yet another spy chip.
IME, PSP, TPM, I don't care what it is, the only purpose of it is allowing access to the overlords.
It's a serious vulnerability, but it's only applicable in a very targeted scenario because the factorization requires a very large amount of calculation time. It does seem to have enough hallmarks to look like a subtle enough compromise for state actors, but this will take a substantial period of time on a massive supercomputer to factor, so I don't think you need to be *too* worried about big brother just yet.
Best practice for the last 2 years has already been to generate RSA keys at 4096 bits anyway, which is still computationally infeasible even with this vulnerability.
It's a serious vulnerability, but it's only applicable in a very targeted scenario because the factorization requires a very large amount of calculation time. It does seem to have enough hallmarks to look like a subtle enough compromise for state actors, but this will take a substantial period of time on a massive supercomputer to factor, so I don't think you need to be *too* worried about big brother just yet.
Best practice for the last 2 years has already been to generate RSA keys at 4096 bits anyway, which is still computationally infeasible even with this vulnerability.
Plus, let's be realistic here...for 98% of us here, Big Brother doesn't care. Not that it's an excuse...just that it's highly unlikely that anyone here bar a few black hats will even show up as 1/10 of a blip on their "big baddie" radar so getting paranoid about it is kind of silly, though objecting to it is not.
Plus, let's be realistic here...for 98% of us here, Big Brother doesn't care. Not that it's an excuse...just that it's highly unlikely that anyone here bar a few black hats will even show up as 1/10 of a blip on their "big baddie" radar so getting paranoid about it is kind of silly, though objecting to it is not.
Very dangerous slippery slope you just willfully stepped onto. Allowing any normalization of this would only serve to establish a precedent for further surveillance.
2048bit keys are used on eID cards in Slovak republic, and certificates were generated by affected TPM Infineon chips too. In our country are ID cards mandatory, and may contain chip with certificates based on 2048bit RSA key, which might be vulnerable. ID cards and eID certificates are generated by the local police. Those are used to communicate electronically and are used as "electronic signature" to communicate with various government bureaus. If exposed those can lead to identity theft.
Minister of Interior - Robert Kalinak - is still quite sure about safety of the keys, because the study above tells it will take 140 years to compute the private key out of public key. It can take much less time (paralel computing, usage of mutltiple GPUs with high Doubleprecision etc). Could be as few as 30 or less days.
Translation from interview:
Minister Kalinak: "In this case its a potential threat, in case you have to use a brutal computational power, just to attempt to hack the signature, and main problem is in two cases. First you need to get it (the electronic signature - public key), so then you can attack it somehow, because thats not a publicly accessible thing (actually it is).
Journalist: "But the public keys are public"
Minister: "So can you find mine on the Internet"
And there is one catch... Of course trying to get the private key itself would be a crime.
Trusted Platform Module? More like Trusted Backdoor Module. Aka yet another spy chip.
IME, PSP, TPM, I don't care what it is, the only purpose of it is allowing access to the overlords.
Yes, the cryptographic coprocessor is definitely a backdoor.
Quote:
Originally Posted by DIYDeath
Plus, let's be realistic here...for 98% of us here, Big Brother doesn't care. Not that it's an excuse...just that it's highly unlikely that anyone here bar a few black hats will even show up as 1/10 of a blip on their "big baddie" radar so getting paranoid about it is kind of silly, though objecting to it is not.
The best way to stay off the grid isn't to try to hide everything you do, but to flood the system with so much noise that no usable information can be found.
The best way to stay off the grid isn't to try to hide everything you do, but to flood the system with so much noise that no usable information can be found.
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.
Related Threads
?
?
?
?
?
Ask a question
Ask a question
Overclock.net
27.8M posts
541.2K members
Since 2004
A forum community dedicated to overclocking enthusiasts and testing the limits of computing. Come join the discussion about computing, builds, collections, displays, models, styles, scales, specifications, reviews, accessories, classifieds, and more!