• Lojcs@lemm.ee
    11 months ago

    Just generate one anew. You don’t need to use the same one each time

    • xradeon
      11 months ago

      What do you mean by that? Generate a new private/public key pair every time you set up a new TPM? Or when you boot the system or something?

      • Lojcs@lemm.ee
        11 months ago

        On each connection. Or boot. Whenever you need.

        Edit: To be clear, this would still be vulnerable to MITM attacks without a user-entered password on top, but at least you can’t just read the secrets from the bus. E2: And having a password wouldn’t be fully secure without such a scheme either.
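
A simplified model of the trade-off discussed in this thread, added here as an example and not code from any commenter or from a real TPM stack: a fresh key pair per connection hides the secret from a passive bus reader, and mixing a user-entered password into the session key makes an interposed key swap fail. The toy Diffie-Hellman group, the `seal`/`unseal` helpers, the `run` function and the sample secret are all assumptions constructed for the demo.

```python
import hashlib, hmac, secrets

P, G = 2**127 - 1, 3          # toy DH group constructed for the demo; not a secure size
SECRET = b"disk-unlock-key"   # constructed sample secret released by the "TPM"

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub, auth=b""):
    # auth models a user-entered password known to the user and the TPM only
    shared = pow(peer_pub, priv, P).to_bytes(16, "big")
    return hashlib.sha256(shared + auth).digest()

def seal(key, data):
    stream = hashlib.shake_256(b"enc" + key).digest(len(data))
    ct = bytes(a ^ b for a, b in zip(data, stream))
    return ct, hmac.new(key, ct, hashlib.sha256).digest()

def unseal(key, ct, tag):
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        return None           # sealed under a different session key: reject
    stream = hashlib.shake_256(b"enc" + key).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

def run(interposer=False, auth=b""):
    """One connection; returns what the host and a bus attacker each recover."""
    h_priv, h_pub = keypair()     # fresh pair on every connection
    t_priv, t_pub = keypair()
    a_priv, a_pub = keypair()     # attacker's pair, used only when interposing
    # An interposer replaces both public keys in transit with its own.
    to_tpm, to_host = (a_pub, a_pub) if interposer else (h_pub, t_pub)
    ct, tag = seal(session_key(t_priv, to_tpm, auth), SECRET)
    wire = b"".join(x.to_bytes(16, "big") for x in (h_pub, t_pub)) + ct + tag
    # The attacker never learns auth, so it can only derive the unbound key.
    attacker = unseal(session_key(a_priv, t_pub), ct, tag) if interposer else None
    if attacker is not None:      # relay to the host under the attacker-host key
        ct, tag = seal(session_key(a_priv, h_pub), attacker)
    host = unseal(session_key(h_priv, to_host, auth), ct, tag)
    return {"host": host, "attacker": attacker, "plaintext_on_wire": SECRET in wire}
```

With `auth` set, the interposed run leaves both `attacker` and `host` as `None`: the swap is not silent, it breaks the session.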