Post AT1ARwmm6USfMf860O by mjg59@nondeterministic.computer
(DIR) More posts by mjg59@nondeterministic.computer
(DIR) Post #AT1ARwmm6USfMf860O by mjg59@nondeterministic.computer
2023-02-24T22:03:57Z
0 likes, 0 repeats
Solving the "Every time I reinstall this machine I get a new SSH host key" by simply deterministically generating the host key on the TPM so it's identical on every install (but still unique per machine) and then exporting it over the SSH agent protocol
(DIR) Post #AT1AcmDviHsZnBzkzQ by nash@dice.camp
2023-02-24T22:06:04Z
0 likes, 0 repeats
@mjg59 Is that gets compromised, isn't that machine hosed forever?
(DIR) Post #AT1AkZkvx4GlRQ9QzQ by mjg59@nondeterministic.computer
2023-02-24T22:07:26Z
0 likes, 0 repeats
@nash The private key is in the TPM, compromising the system doesn't let you steal the key
(DIR) Post #AT1D0TzNMRlE63cRkm by alex_02@infosec.exchange
2023-02-24T22:32:50Z
0 likes, 0 repeats
@mjg59 @nash I should mention that bitlocker did similar and people were able to extract the key through neighboring chips on the board. One article: https://pulsesecurity.co.nz/articles/TPM-sniffingI think a better approach would be to have the private key on a separate usb device something similar to YubiKey and have the public key on the TPM and for whatever application "fingerprint" each host somehow. I don't know if I am explaining it well, but I remembered reading people extracting the keys for bitlocker from tpm because neighboring chips for some reason were "similar" enough that people could use them to extract data.
(DIR) Post #AT1HnCyln7S3LdpES8 by mjg59@nondeterministic.computer
2023-02-24T23:26:36Z
0 likes, 0 repeats
@alex_02 @nash That's a symmetric encryption key that's used on the CPU. In this case we're talking about an asymmetric encryption key that's only used on the TPM, and so can't be sniffed off the bus.
(DIR) Post #AT1HtoKBr2beuVzc7k by mjg59@nondeterministic.computer
2023-02-24T23:27:56Z
0 likes, 0 repeats
@alex_02 @nash The "Neighbouring chip" stuff for the Bitlocker attack was just that the SPI bus was also connected to the system flash, and that had pins that were easier to solder to. Nothing to do with chip similarity, just an easier point to get at a shared bus.
(DIR) Post #AT1JxxaBZjBIgra4bA by jannem@fosstodon.org
2023-02-24T23:50:55Z
0 likes, 0 repeats
@mjg59 why not copy over the old key?
(DIR) Post #AT1Ko8r2uZqehxLiVc by mjg59@nondeterministic.computer
2023-02-25T00:00:16Z
0 likes, 0 repeats
@jannem Because that's difficult to do when I'm wiping the entire drive
(DIR) Post #AT1NWh4VFpotTq11JA by oclsc@mstdn.ca
2023-02-25T00:30:41Z
0 likes, 0 repeats
@mjg59 @nash What if it's the ssh key that's compromised?
(DIR) Post #AT1NuJfJvh9ZpyV5wu by mjg59@nondeterministic.computer
2023-02-25T00:35:14Z
0 likes, 0 repeats
@oclsc @nash How?
(DIR) Post #AT1OQ5GyyaE0SyGTWC by rakslice@mastodon.social
2023-02-25T00:40:52Z
0 likes, 0 repeats
@mjg59 @oclsc @nash idk specifically, but i feel like the entire history of smart card security could give some clues :P
(DIR) Post #AT1OaeLDRpni7mHbYO by mjg59@nondeterministic.computer
2023-02-25T00:43:02Z
0 likes, 0 repeats
@rakslice @oclsc @nash I'm struggling to think of a scenario where an attacker could extract the private key from the TPM but wouldn't be able to just copy the private key off the drive
(DIR) Post #AT1Ot1VC4hYXAYi9js by oclsc@mstdn.ca
2023-02-25T00:46:08Z
0 likes, 0 repeats
@mjg59 @nash In simplest case, they break into your system, elevate privs, and steal private key. Now you have to generate a new one. How do you adjust your procedures when next you reinstall?
(DIR) Post #AT1P1YHK65md8jI33w by mjg59@nondeterministic.computer
2023-02-25T00:47:55Z
0 likes, 0 repeats
@oclsc @nash The private key is in the TPM. The TPM will not give you the private key.
(DIR) Post #AT1PDGxGKchut2UnE8 by oclsc@mstdn.ca
2023-02-25T00:49:48Z
0 likes, 0 repeats
@mjg59 @nash How does ssh get it?
(DIR) Post #AT1PNnLakhZkFItQfY by mjg59@nondeterministic.computer
2023-02-25T00:51:51Z
0 likes, 0 repeats
@oclsc @nash It doesn't. It asks the TPM to sign the challenge for it.
(DIR) Post #AT1Q04DUTs5fZMLxzs by rsalz@ioc.exchange
2023-02-25T00:58:36Z
0 likes, 0 repeats
@mjg59 @oclsc @nash think of the TPM just like an HSM. But it's a $0.35 chip, not a multi hundred dollar device. So of course protections aren't as strong.
(DIR) Post #AT1Q7tZDxWearDFfhw by alex_02@infosec.exchange
2023-02-25T00:59:27Z
0 likes, 0 repeats
@mjg59 @nash ok my bad. im not always good at explaining things well that i am thinking in my head.
(DIR) Post #AT1R5JdsejLYoTlPQu by oclsc@mstdn.ca
2023-02-25T01:10:38Z
0 likes, 0 repeats
@mjg59 @nash Does that happen every time ssh/sshd starts up, or is the private half of the keypair stored on disk as when ssh-keygen makes a key? It's theft of the disk copy that I'm suggesting. How do you recover when that happens?
(DIR) Post #AT1g5nUhAMO6i39fUm by justizin@hachyderm.io
2023-02-25T03:58:47Z
0 likes, 0 repeats
@mjg59 is this supported now or just like, an idea?
(DIR) Post #AT20q8cMxVMacz7QRs by corsac@mastodon.social
2023-02-25T07:51:22Z
0 likes, 0 repeats
@mjg59 I didn’t know you could use SSH agent for host keys but that makes sense actually
(DIR) Post #AT21BAewZ0Ej2aLtVA by mjg59@nondeterministic.computer
2023-02-25T07:55:15Z
0 likes, 0 repeats
@corsac Better than putting PKCS#11 in the server
(DIR) Post #AT21hC6CkKUklxNC52 by corsac@mastodon.social
2023-02-25T08:00:56Z
0 likes, 0 repeats
@mjg59 I can feel your pain :)
(DIR) Post #AT21oDb5ZgfXRiAV72 by muzzle@frenfiverse.net
2023-02-25T08:01:44Z
0 likes, 0 repeats
@mjg59 I'm sold. When is this being deployed?
(DIR) Post #AT26so7kD7j3f1RyqW by seanfurey@mas.to
2023-02-25T08:59:09Z
0 likes, 0 repeats
@mjg59 I assumed the TPM had a hardware RNG that it used as part of generating keys. Perhaps not? Or you can choose seed material for a software RNG?
(DIR) Post #AT276rGjJZRjT7LxHE by mjg59@nondeterministic.computer
2023-02-25T09:01:48Z
0 likes, 0 repeats
@seanfurey When you create a primary you provide a set of data that's used as an input to a KDF along with TPM-unique data, so the output is deterministic. Creating normal keys is purely random.
(DIR) Post #AT2ipB8cV1A48aYZLk by josephholsten@mstdn.social
2023-02-25T16:03:58Z
0 likes, 0 repeats
@mjg59 sounds great, but DNS-FP is also a thing
(DIR) Post #AT30ZUxOqLJg99ytAe by mjg59@nondeterministic.computer
2023-02-25T19:22:58Z
0 likes, 0 repeats
@josephholsten DNS-FP requires a way to validate updates, which is unnecessary if there are no updates
(DIR) Post #AT30pRY5HbiGD2k8WG by mjg59@nondeterministic.computer
2023-02-25T19:26:00Z
0 likes, 0 repeats
Coworker: *through sobs* you can't just say every problem can be solved with a TPM.... Please....Me: *points at halting problem* solved with a TPM
(DIR) Post #AT31MqT3ejFD3BJriC by vbabka@social.kernel.org
2023-02-25T19:30:01.145351Z
0 likes, 0 repeats
@mjg59 in my experience, halting problem is rather created by a TPM...
(DIR) Post #AT31MqyFmkCKbvumKu by mjg59@nondeterministic.computer
2023-02-25T19:31:54Z
0 likes, 0 repeats
@vbabka don't need to prove whether a function will terminate if the CPU isn't executing instructions
(DIR) Post #AT31cO9CiY9fqlRcbQ by alwayscurious@infosec.exchange
2023-02-25T19:34:38Z
0 likes, 0 repeats
@mjg59 How fast can the TPM sign things? If the TPM is slow this seems like an easy DoS.
(DIR) Post #AT31v94SzmOqarAlBQ by mjg59@nondeterministic.computer
2023-02-25T19:38:18Z
0 likes, 0 repeats
@alwayscurious depends heavily on the TPM, but for ECDSA ballpark of ~100ms is probably not unrealistic (I should benchmark on ours). For our use case not an issue, but you wouldn't want to front, say, github with one
(DIR) Post #AT32DvNs6jYBe7Ch28 by alwayscurious@infosec.exchange
2023-02-25T19:41:35Z
0 likes, 0 repeats
@mjg59 I hope GitHub uses a real HSM for their SSH keys. Rotating them would be a nightmare.
(DIR) Post #AT33vNgiqjOVpsJ47M by alienghic@octodon.social
2023-02-25T20:00:30Z
0 likes, 0 repeats
@mjg59 @vbabka
(DIR) Post #AT34ahlb6PabyuI8PY by otakup0pe@sfba.social
2023-02-25T20:07:56Z
0 likes, 0 repeats
@mjg59 my colleagues keep crying how do i solve this with a tpm
(DIR) Post #AT3ABrFvHhR9tf0lJw by ACNelson@infosec.exchange
2023-02-25T21:10:32Z
0 likes, 0 repeats
@mjg59THanks for promoting usage of TPM's. I rep my company at TCG and am the editor of multiple specs for TPM. I ❤️ that it is a tech that can solve problems like this!
(DIR) Post #AT3V5iqNkG0P6iyq3M by alwayscurious@infosec.exchange
2023-02-26T01:04:41Z
0 likes, 0 repeats
@mjg59 I wonder if TPMs have to do signing and decryption in on-chip firmware or if they have hardware accelerators for that.
(DIR) Post #AT3yip6vHCciVYiL7Q by landley@mstdn.jp
2023-02-26T06:36:47Z
0 likes, 0 repeats
@mjg59 Define "solved".