Are keys in the TPM really securely stored and accessed? Can I trust those to only be used by myself by, i.e., providing a password or similar? I also think Touch ID should rank even lower because it's likely somewhat easy to forge.
TPM keys are not accessible once imported or generated. You only get access to operations like encrypt/decrypt on them. Those are also normally accessible only by the root user, so you use some kind of proxy with an extra step (like a password) to make them available to the user.
I'm not sure what you mean by Touch ID being easy to forge.
So that does mean once I have access to the computer the keys are somewhat free to use. Thus I am authenticating the device, not the user, which is kind of an important distinction...
IMHO this is not as secure as storing the key encrypted on a drive where it's only accessible using a passphrase. It is just harder or maybe even impossible to exfiltrate the key, but you really don't need to do that in order to use it. I might be wrong though.
My remark about Touch ID came from the fact that fingerprint scanning is inherently insecure because it is trivial to fool most devices into thinking you've got a matching fingerprint using something that was touched and left a mark and some glue.
> Thus I am authenticating the device, not the user, which is kind of an important distinction...
It is very unlikely that the actual threats you face make this "an important distinction". If you don't have 24/7 bodyguards, it's time to be realistic with yourself that in fact "I got drunk and clicked something dumb" or "That wasn't a real email from FedEx, what was I thinking?" are much bigger threats than "A covert team picked the lock on my condo and then while I was asleep they modified my MacBook to help them break into my GitHub account".
> fingerprint scanning is inherently insecure because it is trivial to fool most devices into thinking you got a matching fingerprint
Because biometric security in these scenarios is local, the bad guy needs to steal the device first. Again, it is very unlikely your threats look like that. Real crooks who steal devices like MacBooks or iPhones will sell them to some dodgy bloke, not try to impersonate you and break into your GitHub account before you invalidate the keys.
No, ninjas won't be breaking into your home to install malware on your devices, but the maids at the hotels you stay at might! That is known as the Evil Maid threat. Yes, hotels tend to have safes in the room that will fit smallish laptops, but those can be reset by... the hotel anyway.
This is also a problem at work where you might leave your laptop on your desk at your cubicle.
These are valid points, and of course everything you do to improve your security posture should somehow be related to your real threat model. However, OP was implying TPM might be more secure than an encrypted key on a disk, which I disagree with for the mentioned reasons.
TPMs are... extremely flexible. It's hard to summarize what they can do, but I'll try:
- a TPM is a crypto co-processor with HSM-like functionality (e.g., key wrapping).
- TPMs can be and are used to secure the boot process by having the CPU/ME do a core root of trust measurement of the BIOS, and then the BIOS can do a static root of trust measurement of all the option ROMs and such and the next boot stage for the OS, and the OS can continue the measurement process, and if you're willing to you can make sure no code is ever executed that isn't "trusted".
- TPMs have very flexible authorization policies, so you can make sure that use of some key requires multi-factor authentication (biometrics, smartcard, password) or multi-user authentication (two or more users have to authenticate), time of day restrictions, approved root of trust measurements, etc.
- TPMs can be used to attest root of trust measurements, authentication status, etc.
I recently contributed some tutorials[0] to TPM.dev[1].
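The measurement chain and the PCR-bound authorization policy from the list above, as an added Python model written for this page (it is not the commenter's code, nor anything from TPM.dev or the TPM specification). It assumes a single SHA-256 PCR, three constructed boot stages, and a seal/unseal step that stands in for the TPM's policy check with an HMAC-derived wrapping key; a real TPM keeps the wrapping key inside the chip and enforces the PCR and password policy itself, so the model only shows why a modified boot stage or a wrong password leaves the sealed secret unusable.

```python
"""Model of a TPM measured-boot chain and a secret sealed to PCR values
plus a password.  Added illustration; stdlib only.  The seal/unseal
helpers are an assumption of this demo, not how a TPM stores objects."""
import hashlib
import hmac
import os

HASH = "sha256"
DIGEST_LEN = 32
KDF_ITERATIONS = 50_000  # constructed value for the demo


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM PCR extend: PCR_new = H(PCR_old || measurement).  One-way and
    order-dependent, so the PCR value commits to the whole chain so far."""
    return hashlib.new(HASH, pcr + measurement).digest()


def measure_chain(stages):
    """Each stage measures the next one into the PCR before handing over.
    PCRs start at all zeros at power-on and cannot be written directly."""
    pcr = bytes(DIGEST_LEN)
    event_log = []
    for name, code in stages:
        measurement = hashlib.new(HASH, code).digest()
        event_log.append((name, measurement.hex()))
        pcr = pcr_extend(pcr, measurement)
    return pcr, event_log


def policy_pcr(pcr: bytes) -> bytes:
    """Model of TPM2_PolicyPCR: fold the expected PCR digest into the policy
    digest that the sealed object is bound to."""
    return hashlib.new(HASH, b"TPM2_PolicyPCR" + pcr).digest()


def _wrapping_key(policy: bytes, password: bytes, salt: bytes) -> bytes:
    # Both factors feed the key: approved measurements and a user password.
    # Model only; in a real TPM the chip checks these, the caller never sees a key.
    auth = hashlib.pbkdf2_hmac(HASH, password, salt, KDF_ITERATIONS)
    return hmac.new(auth, policy, HASH).digest()


def _keystream(key: bytes, length: int) -> bytes:
    return hashlib.new(HASH, key + b"enc").digest()[:length]


def seal(secret: bytes, expected_pcr: bytes, password: bytes) -> dict:
    """Seal a short secret to a PCR value and a password."""
    assert len(secret) <= DIGEST_LEN, "demo keystream covers one digest"
    salt = os.urandom(16)
    key = _wrapping_key(policy_pcr(expected_pcr), password, salt)
    ciphertext = bytes(a ^ b for a, b in zip(secret, _keystream(key, len(secret))))
    tag = hmac.new(key, ciphertext, HASH).digest()
    return {"salt": salt, "ct": ciphertext, "tag": tag}


def unseal(blob: dict, current_pcr: bytes, password: bytes):
    """Return the secret, or None when the policy (PCRs) or the auth
    (password) does not match what the secret was sealed to."""
    key = _wrapping_key(policy_pcr(current_pcr), password, blob["salt"])
    expected_tag = hmac.new(key, blob["ct"], HASH).digest()
    if not hmac.compare_digest(expected_tag, blob["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(blob["ct"], _keystream(key, len(blob["ct"]))))


# Constructed boot chains; the evil-maid variant differs only in the kernel.
GOOD_CHAIN = [("firmware", b"BIOS 1.2"), ("bootloader", b"grub signed"), ("kernel", b"vmlinuz-6.1")]
EVIL_CHAIN = [("firmware", b"BIOS 1.2"), ("bootloader", b"grub signed"), ("kernel", b"vmlinuz-6.1+implant")]

SECRET = b"constructed-disk-key"
PASSWORD = b"correct horse"


def demo() -> dict:
    good_pcr, _ = measure_chain(GOOD_CHAIN)
    evil_pcr, _ = measure_chain(EVIL_CHAIN)
    blob = seal(SECRET, good_pcr, PASSWORD)
    return {
        "good_boot_good_pw": unseal(blob, good_pcr, PASSWORD),
        "good_boot_bad_pw": unseal(blob, good_pcr, b"wrong"),
        "evil_boot_good_pw": unseal(blob, evil_pcr, PASSWORD),
        "pcr_differs": good_pcr != evil_pcr,
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result!r}")
```

The point to take from the event log is that the implanted kernel is never "rejected" by the measurement itself: measured boot records, it does not block. What stops the attacker is that the PCR value they boot into no longer satisfies the policy the secret was sealed under, so the disk key (or signing key) cannot be released, even with the right password.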
> So that does mean once I have access to the computer the keys are somewhat free to use. Thus I am authenticating the device, not the user, which is kind of an important distinction...
Isn't that the case with a U2F key? Since you observe how easy it is to fool a fingerprint scanner, is there any technology that enables you to authenticate a user at all? Password managers make passwords effectively an authentication of a device, not a person, in any case when the password is improbable enough to be secure. Maybe iris scanners work for you?
Really, all we can do is make it harder for people to steal an authentication device (gmail password, ~/.ssh/id_rsa, tpm module in laptop, yubikey, whatever) and easier for people to understand in their gut that they need to protect this from theft. Am I wrong?
I think technically you are correct, but in the case of a U2F key I am not authenticating the machine directly but checking if the person in front of the screen is in possession of the token. That is different than assuring the device they are on is legit.
> once I have access to the computer the keys are somewhat free to use
Once you have access and either root or pass whatever extra authentication the access requires.
> storing the key encrypted on a drive where it's only accessible using a passphrase
The extra failure mode here is that someone can copy the key and crack your password offline on their own time.
> using something that was touched and left a mark and some glue.
At that point a camera catching your password should also be a potential threat. But yeah, if that's something you're realistically worried about then it's not a great solution for you.
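The offline failure mode named in the reply above (copy the wrapped key file, then crack the passphrase at leisure), next to what changes when the same check has to run inside a TPM. This is an added Python example, not code from the thread; the key-file layout, the wordlist, the iteration count and the lockout limit are all constructed for the demo. The TPM side is a model of TPM 2.0 dictionary-attack protection (a failure counter that locks the object after a set number of bad attempts); real chips also impose a recovery time, which the model leaves out.

```python
"""Offline dictionary attack on a passphrase-wrapped key file, beside a
model of a TPM-resident key with dictionary-attack lockout.  Added
illustration; all formats and limits are constructed.  Stdlib only."""
import hashlib
import hmac
import os

ITERATIONS = 20_000  # constructed; real key-file formats use more


def make_keyfile(passphrase: bytes, iterations: int = ITERATIONS) -> dict:
    """Model of a passphrase-protected key file on disk: salt, iteration
    count and a check value.  In real formats the MAC over the wrapped key
    plays the role of the check value, so the attacker has everything
    needed to test guesses."""
    salt = os.urandom(16)
    kcv = hashlib.pbkdf2_hmac("sha256", passphrase, salt, iterations)
    return {"salt": salt, "iterations": iterations, "kcv": kcv}


def crack_offline(keyfile: dict, wordlist):
    """The attacker has a copy of the file; every guess is local, parallel
    if they like, and nothing counts or slows the attempts."""
    for n, guess in enumerate(wordlist, 1):
        candidate = hashlib.pbkdf2_hmac("sha256", guess, keyfile["salt"], keyfile["iterations"])
        if hmac.compare_digest(candidate, keyfile["kcv"]):
            return guess, n
    return None, len(wordlist)


class TpmAuthModel:
    """Model of a key that lives inside a TPM: the secret never leaves, the
    only interface is 'authorize then use', and the chip counts failures
    (TPM 2.0 DA protection; max_tries is a constructed value)."""

    def __init__(self, passphrase: bytes, max_tries: int = 5):
        self._pw = passphrase
        self.max_tries = max_tries
        self.failures = 0
        self.locked = False

    def try_auth(self, guess: bytes) -> str:
        if self.locked:
            return "locked"
        if hmac.compare_digest(guess, self._pw):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= self.max_tries:
            self.locked = True
        return "fail"


def attack_tpm(model: TpmAuthModel, wordlist):
    """Same wordlist, but each guess must go through the chip."""
    for n, guess in enumerate(wordlist, 1):
        result = model.try_auth(guess)
        if result == "ok":
            return guess, n
        if result == "locked":
            return None, n
    return None, len(wordlist)


# Constructed wordlist; the correct passphrase sits at position 6.
WORDLIST = [b"password", b"123456", b"letmein", b"qwerty", b"dragon",
            b"hunter2", b"sunshine", b"trustno1"]


def demo() -> dict:
    keyfile = make_keyfile(b"hunter2")
    found, tries = crack_offline(keyfile, WORDLIST)
    tpm = TpmAuthModel(b"hunter2", max_tries=5)
    tpm_found, tpm_tries = attack_tpm(tpm, WORDLIST)
    return {"file": (found, tries), "tpm": (tpm_found, tpm_tries), "tpm_locked": tpm.locked}


if __name__ == "__main__":
    print(demo())
```

Both attackers run the identical list. Against the file the sixth guess wins and the only cost is CPU time; against the modelled chip the fifth failure trips the lockout and the sixth attempt is refused before the correct passphrase is ever tried. That asymmetry, not key secrecy per se, is what the "copy it and crack it offline" remark is about.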
> Once you have access and either root or pass whatever extra authentication the access requires.
How hard would it be to boot a signed kernel with a system ready to give you all the access you want or need?
> The extra failure mode here is that someone can copy the key and crack your password offline on their own time.
But what I was arguing about was that once I could copy your encrypted key I could likely use it right away with TPM.
> At that point a camera catching your password should also be a potential threat. But yeah, if that's something you're realistically worried about then it's not a great solution for you.
I feel like everybody should be seeing this as a threat. Don't you look out for someone snooping on your typing when you enter passphrases? I certainly do and avoid it while being watched, especially in public places where cameras are more likely.
> How hard would it be to boot a signed kernel with a system ready to give you all the access you want or need?
Depends on the config. From trivial (old BIOS, no protection) to ~impossible (locked UEFI doing Secure Boot).
> once I could copy your encrypted key I could likely use it right away with TPM
You cannot copy the key once it's moved into the TPM chip.
> Don't you look out for someone snooping on your typing when you enter passphrases?
No. I'm not secure from targeted snooping anyway, but I'm not typing any non-local passwords usable by people reviewing old camera footage; in most cases access is behind 2FA.
> Depends on the config. From trivial (old BIOS, no protection) to ~impossible (locked UEFI doing Secure Boot).
So locked means I cannot boot any other system until it's unlocked? How do I do this? Is there another passphrase involved? Do I have to reset the chip before anything else is booted? I am probably not that well informed on this topic.
> You cannot copy the key once it's moved into the TPM chip.
Obviously not! But I can just use it right away without figuring out your password. That is assuming I can fool the system into trusting me. It requires the same level of access, but in the case of the passphrase I am blocked until I have solved this. If I use your key immediately to ensure my own keys are trusted, I am already done.
UEFI with your own keys in TPM (same tech involved) allows you to run only your signed bootloader and kernel. So no external media, replacing the disk, or tricks like init=/bin/sh will work. You can only boot into the signed system. From there you have the usual user account controls.
It doesn't allow for the touch verification on use, but it's still better than having a file on the disk. Security scale would be: