You always have to trust the firmware. Nothing new with TCPA here.
What about firmware in disk drives, video cards, network cards, SCSI host adapters...? Did you read the code?
The TCPA chip is not in a better position than the other controllers inside your computer. Parts of your VGA BIOS are executed while booting your computer. The code can do anything. Please remove your graphics card before thinking about privacy issues in TCPA hardware.
muhh
A USB stick isn't better. Your private key has to be transferred to the computer's main memory every time you sign or decrypt something because the key is needed by the encryption/signing algorithm. This time a trojan horse can steal your private key. This key is useless forever. You have to revoke the key, create a new one and build a new web of trust.
With a TCPA chip your private key never leaves the chip (if configured so). An attacker may use your computer to sign/encrypt in your name but never gets the key itself. After you've detected the trojan horse and replaced the compromised programs you are "secure" again.
For the same reason you can't replace a smartcard with a floppy disk or USB stick.
muhh