undefined | Better HN

0 pointsFoxboron1y ago0 comments

`tpm2-totp` defeats the entire "replace the laptop" threat scenario.

https://github.com/tpm2-software/tpm2-totp

0 comments

The "replaced laptop" scenario is a full MITM on the hardware. TOTP generally does not protect against MITM. The required TOTP code is, in this scenario, generated by the device in the attackers hand. So the fake could also display it.

FoxboronOP1y ago

You need to decide between the attack here. Are you subverting hardware or are you replacing a laptop?

The TOTP token here is sealed inside TPM.

blueflow1y ago

And what do you need to do to unseal it? And why cant the fake laptop relay that to the real laptop?

FoxboronOP1y ago

It's never unsealed. `tpm2-totp` does an encrypted session to the TPM and runs `TPM2_HMAC` on the TPM shielded key, you can also include PCRs to add further authentication to this entire exchange.

What do you mean with "relay"?

(All of this is trivially solved with glitter nail polish anyway.)

1 more reply

j / k navigate · click thread line to collapse

0 comments

blueflow1y ago

FoxboronOP1y ago

You need to decide between the attack here. Are you subverting hardware or are you replacing a laptop?

The TOTP token here is sealed inside TPM.

blueflow1y ago

And what do you need to do to unseal it? And why cant the fake laptop relay that to the real laptop?

FoxboronOP1y ago

It's never unsealed. `tpm2-totp` does an encrypted session to the TPM and runs `TPM2_HMAC` on the TPM shielded key, you can also include PCRs to add further authentication to this entire exchange.

What do you mean with "relay"?

(All of this is trivially solved with glitter nail polish anyway.)

1 more reply

j / k navigate · click thread line to collapse