zlacker

[parent] [thread] 3 comments
1. wizee+(OP)[view] [source] 2023-07-27 11:28:29
Such keys sold in large numbers could be detected and blacklisted though.
replies(3): >>blibbl+A2 >>kevinc+Zz >>rolph+m21
2. blibbl+A2[view] [source] 2023-07-27 11:51:05
>>wizee+(OP)
which will increases demand for keys, and will encourage increased economies of scale of extracting them

would I pay $500 for a TPM key I can use to "attest" my hacked version of Chromium that removes ads? hell yes

would cheaters pay $500 for a TPM key to bypass valorant anti-cheat? hell yes (they do already)

would spammers pay $500 to spam Google?

and so on

ultimately attestation to control the user (vs. protect them) sows the seeds of its own demise

3. kevinc+Zz[view] [source] 2023-07-27 14:31:31
>>wizee+(OP)
IIRC these keys are often produced in batches to help protect anonymity so revoking them may have undesirable impact on the bystanders who happen to have a key in the same batch.

So if we could reliably extract keys it may be enough to break this. (or force TPM makers to have per-device keys instead of per-batch keys)

4. rolph+m21[view] [source] 2023-07-27 16:21:45
>>wizee+(OP)
thats advantageous in the context of key spraying attacks, aiming to get as many possible keys blacklisted as forgeries, leading to large scale key losses.

you dont have to know any keys just the structure of a valid key, then make things up according to spec

[go to top]