zlacker

[return to "Google Web Environment Integrity Is the New Microsoft Trusted Computing"]
1. blibbl+iQ[view] [source] 2023-07-27 10:14:00
>>neelc+(OP)
surely if they're successful they'll create a market for ripping the keys out of TPMs and selling them?

at which point you could attest any environment you wish, across as many machines as you want

a nice side hustle for bored university students with access to the equipment needed

(currently this doesn't happen as the TPM keys are essentially worthless)

◧◩
2. wizee+7Z[view] [source] 2023-07-27 11:28:29
>>blibbl+iQ
Such keys sold in large numbers could be detected and blacklisted though.
◧◩◪
3. rolph+t12[view] [source] 2023-07-27 16:21:45
>>wizee+7Z
thats advantageous in the context of key spraying attacks, aiming to get as many possible keys blacklisted as forgeries, leading to large scale key losses.

you dont have to know any keys just the structure of a valid key, then make things up according to spec

[go to top]