Comment by lxgr
> You are safe if you additionally use a pin to unlock your TPM
Does the default configuration not somehow tangle a user-entered password to authentication against the TPM?
That's still not perfect (i.e. how do you make PIN/password entry non-keyloggable), but anything else, in particular extending the trusted computing base to the entire kernel and the hardware it runs on and hoping that they will both be bug-free and impossible to impersonate, seems like a bad idea.
The TPM is also in a much better position to properly velocity-check PIN/password entries than the OS.
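To put a number on the "velocity check" point above, here is an added example (not part of lxgr's comment, and not code from any TPM stack): a simplified Python model of the TPM 2.0 dictionary-attack (DA) protection state machine. It follows the spec's semantics in outline: each failed authorization against a DA-protected object increments `failedTries`, the counter decays by one every `recoveryTime` seconds, and once `failedTries` reaches `maxTries` further attempts are rejected with `TPM_RC_LOCKOUT` instead of being checked. The parameter values used (32 tries, two-hour recovery, 0.1 s per attempt) are illustrative assumptions, not a vendor or OS default, and the effect of a successful authorization on the counter is deliberately left out because it does not change the attacker's cost.

```python
"""Simplified model of TPM 2.0 dictionary-attack lockout.

Added example for illustration only. It is not the TPM's real
implementation and not the code of any firmware or OS; it models
the maxTries / recoveryTime behaviour described in the TPM 2.0
library specification to show why a TPM-side velocity check bounds
the guess rate on a PIN-protected sealed object. All parameter
values are assumptions chosen for the example.
"""
from dataclasses import dataclass


@dataclass
class TpmDaState:
    """Per-TPM dictionary-attack counter and its decay timer."""
    max_tries: int          # failures tolerated before lockout (assumed value)
    recovery_time: float    # seconds per decrement of failed_tries (assumed)
    failed_tries: int = 0
    next_decay: float = 0.0 # model time at which failed_tries next decrements

    def _decay(self, now: float) -> None:
        # failedTries decrements by one every recovery_time seconds while > 0.
        while self.failed_tries > 0 and now >= self.next_decay:
            self.failed_tries -= 1
            self.next_decay += self.recovery_time

    def try_auth(self, now: float, pin_ok: bool) -> str:
        """One authorization attempt at model time `now` (seconds)."""
        self._decay(now)
        if self.failed_tries >= self.max_tries:
            # Locked out: the TPM refuses to even evaluate the authValue,
            # so the attempt neither succeeds nor consumes a guess.
            return "TPM_RC_LOCKOUT"
        if pin_ok:
            return "OK"
        if self.failed_tries == 0:
            # Counter leaves zero: start the decay timer from now.
            self.next_decay = now + self.recovery_time
        self.failed_tries += 1
        return "TPM_RC_AUTH_FAIL"

    def seconds_until_decay(self, now: float) -> float:
        """How long a locked-out caller must wait for one more attempt."""
        return max(0.0, self.next_decay - now)


def time_to_exhaust(pin_space: int, max_tries: int, recovery_time: float,
                    attempt_time: float = 0.1) -> float:
    """Seconds for an attacker with no knowledge of the PIN to try every
    candidate against the TPM, waiting exactly as long as the lockout
    requires. attempt_time models the per-attempt TPM round trip."""
    tpm = TpmDaState(max_tries, recovery_time)
    now, tried = 0.0, 0
    while tried < pin_space:
        result = tpm.try_auth(now, pin_ok=False)
        if result == "TPM_RC_LOCKOUT":
            now += tpm.seconds_until_decay(now)   # wait for one free try
            continue
        tried += 1
        now += attempt_time
    return now


def time_without_velocity_check(pin_space: int, attempt_time: float = 0.1) -> float:
    """Baseline: the same search with no lockout at all."""
    return pin_space * attempt_time


if __name__ == "__main__":
    # Assumed illustrative parameters: 6-digit PIN, 32 tries, 2 h recovery.
    space = 10 ** 6
    with_da = time_to_exhaust(space, max_tries=32, recovery_time=7200.0)
    without = time_without_velocity_check(space)
    print(f"no lockout      : {without / 86400:10.1f} days")
    print(f"TPM DA lockout  : {with_da / 86400 / 365.25:10.1f} years")
```

The model makes the comparison concrete: without any velocity check a 6-digit PIN falls in about a day at ten guesses per second, while with the assumed lockout parameters every guess past the first 32 costs one full `recoveryTime`, so the same search takes on the order of centuries. An OS-side counter can only match this if the attacker cannot tamper with the OS or its storage; the TPM enforces its counter regardless of what the host does.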