feddit.org

12 points

4 months ago

How does that help when somebody has access to the phone via your PIN or password?

report

[ - ]

chris@l.roofo.cc

4 points

4 months ago

If I’m not mistaken you can save keys in these chips so that they can not be extracted. You can only use the key to encrypt/decrypt/sign/verify by asking the chip to do these operations with your key.

report

[ - ]

5 points

4 months ago

That sounds only marginally better. Access to the phone still means you can create a backup containing the key, so TPM wouldn’t help much.

report

[ - ]

Scott@lem.free.as

1 point

4 months ago

One would hope the backup is encrypted.

report

[ - ]

3 points

4 months ago

It is. A password is generated that you have to write down. It must’ve been a compromise because they knew most people would just pick a shitty password if they didn’t generate one and it would end up on a piece of paper or in some digital form anyway.

report

[ - ]

3 points

4 months ago

No, why would a backup contain non-exportable information? One of the reasons to use TPM to begin with is that sensitive information can’t leave it.

report

[ - ]

1 point

4 months ago

How do you restore a backup on another phone without the keys?

report

[ - ]

lud@lemm.ee

2 points

4 months ago

You would probably use a recovery key that exists exclusively elsewhere like on paper in a vault. Like bitlocker.

I have no idea if signal uses TPM or not but generally keys in TPM are non-exportable which is a very good thing and IMO the primary reason to use TPM at all.

report