undefined | Better HN

0 pointsAnthonyMouse1y ago0 comments

So the sole legitimate use case for a TPM is when you're somewhere with neither cellular service nor Wi-Fi (rare) and your portable device is off rather than asleep (rare) and you can't remember a long passphrase, which doesn't have to be unmemorable, it's just less convenient to type.

This seems like it isn't worth the cost in authoritarianism?

For that matter you could still implement even that with just a secure enclave that will only release the key given the correct PIN (and then rate limits attempts etc.), but then does actually release the key in that case and doesn't do any kind of remote attestation or signing.

0 comments

vel0city1y ago

> a secure enclave that will only release the key given the correct PIN

So...a TPM?

> This seems like it isn't worth the cost in authoritarianism?

You know what's really authoritarian? Having your computer practically only decryptable by some remote directory server, potentially not even under your control.

j / k navigate · click thread line to collapse