gpg and TPM

Raja Saha raja at rsdisk.com
Fri May 14 08:46:44 CEST 2021


Hi,

I was reading about Debian UEFI and secure boot. If tpm isn't secured
at boot, will that make tpm less secure than key pair where user puts a
strong password?

Thanks.

On Thu, 2021-05-13 at 22:03 +0100, Damien Goutte-Gattat via Gnupg-users 
wrote:
> On Tue, May 11, 2021 at 02:03:21PM +0000, mailinglisten at posteo.de
> wrote:
> > I´m not that familiar with the TPM in general
> 
> Me neither.
> 
> 
> > is the TPM owner (and SRK) password safe against brute force
> > attacks? 
> > Or do you need a complex password for the TPM?
> 
> My understanding is that the TPM offers the *possibility* to protect 
> against brute force attacks (through the “dictionary attack lockout 
> reset” mechanism), but I am not sure whether that protection is
> enabled 
> by default or if the tpm2daemon (the new component within GnuPG in 
> charge of using the TPM) makes use of it.
> 
> Until I know more, I use with my TPM stronger PINs than what I
> normally 
> use with my OpenPGP tokens, just in case. :)
> 
> - Damien
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users




More information about the Gnupg-users mailing list