If I recall there are also certain performance benefits to hardware solutions that might allow specific cryptographic operations far faster than the CPU. It's been ~5 years since I've looked into TPMs so I'm unsure how the hardware accelerations they provide might compare to AES-NI, though if public key accelerations are available, that would be quite useful, especially on mobile devices.
I'd argue a software system also, at least, allows a chance for defense in depth, at least from a high-level perspective.

Cheers,
Nathaniel

On Thu, Mar 20, 2014 at 10:22 AM, Anders Rundgren <[email protected]> wrote:
> On 2014-03-20 13:24, Radoje Stojisic wrote:
>> Do you guys think that a software solution is as secure as a hardware one?
>> Where do you see some critical problems if they try it with software?
>
> There are several issues here.
> 1. Software keys are not tamper-proof against physical
> 2. Software keys are not immune to software attacks
> 3. Remote attestations from software containers provide essentially zero value
>
> That doesn't mean that software solutions are useless :-)
>
> Apple has taken this to a new level:
> http://images.apple.com/ipad/business/docs/iOS_Security_Feb14.pdf
>
> Anders
>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Android Security Discussions" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected]
>> <mailto:[email protected]>.
>> To post to this group, send email to
>> [email protected]
>> <mailto:[email protected]>.
>> Visit this group at http://groups.google.com/group/android-security-discuss.
>> For more options, visit https://groups.google.com/d/optout.
