gpg and TPM

Damien Goutte-Gattat dgouttegattat at
Thu May 13 23:03:51 CEST 2021

On Tue, May 11, 2021 at 02:03:21PM +0000, mailinglisten at wrote:
>I´m not that familiar with the TPM in general

Me neither.

>is the TPM owner (and SRK) password safe against brute force attacks? 
>Or do you need a complex password for the TPM?

My understanding is that the TPM offers the *possibility* to protect 
against brute force attacks (through the “dictionary attack lockout 
reset” mechanism), but I am not sure whether that protection is enabled 
by default or if the tpm2daemon (the new component within GnuPG in 
charge of using the TPM) makes use of it.

Until I know more, I use with my TPM stronger PINs than what I normally 
use with my OpenPGP tokens, just in case. :)

- Damien
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <>

More information about the Gnupg-users mailing list