On Thu, Mar 20, 2014 at 11:42 AM, Nathaniel Husted <[email protected]> wrote:
> If I recall there are also certain performance benefits to hardware
> solutions that might allow specific cryptographic operations far
> faster than the CPU. It's been ~5 years since I've looked into TPMs so
> I'm unsure how the hardware accelerations they provide might compare
> to AES-NI, though if public key accelerations are available, that
> would be quite useful, especially on mobile devices.

The pain point is key exchange. I'd take dual Intel Xeon 5675 quad cores over a $40,000 accelerator any day of the week ;)

> I'd argue a software system also, at least, allows a chance for
> defense in depth, at least from a high level perspective.

All the solutions suffer the "Unattended key storage problem". It's a problem without a solution. See Peter Gutmann's Engineering Security and his section on wicked-hard problems (https://www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf).

Jeff

> On Thu, Mar 20, 2014 at 10:22 AM, Anders Rundgren
> <[email protected]> wrote:
>> On 2014-03-20 13:24, Radoje Stojisic wrote:
>>> Do you guys think that a software solution is as secure as a hardware one?
>>> Where do you see some critical problems if they try it with software?
>>
>> There are several issues here.
>> 1. Software keys are not tamper-proof against physical
>> 2. Software keys are not immune to software attacks
>> 3. Remote attestations from software containers provide essentially zero
>> value
>>
>> That doesn't mean that software solutions are useless :-)
>>
>> Apple has taken this to a new level:
>> http://images.apple.com/ipad/business/docs/iOS_Security_Feb14.pdf
>>
>> Anders
