System and method for protecting against dictionary attacks on password-protected TPM keys
Abstract
A computer system that may include a trusted platform module (TPM) along with a processor hashes a user-supplied password for a predetermined time period that is selected to render infeasible a dictionary attack on the password. The results of the hash are used to render an AES key, which is used to encrypt an RSA key. The encrypted RSA key along with the total number of hash cycles that were used is stored and the RSA key is provided to the TPM as a security key. In the event that the RSA key in the TPM must be recovered, the encrypted stored version is decrypted with an AES key that is generated based on the user inputting the same password and hashing the password for the stored number of cycles.
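The time-bounded hashing and cycle-count recovery described in the abstract, as an added Python sketch that is not code from the patent. Assumptions: SHA-256 as the one-way function, a random salt, a batch of 1000 hashes per clock check, and all function names; the AES encryption of the RSA key is left out because the Python standard library has no AES, so the sketch stops at the 256-bit password-derived key.

```python
import hashlib
import os
import time

BATCH = 1000  # assumed: hashes between clock checks, so M is a multiple of this

def _cycle(state: bytes, pw: bytes) -> bytes:
    # One hash cycle; the password is folded back in on every cycle.
    return hashlib.sha256(state + pw).digest()

def stretch_for_time(password: str, seconds: float, salt: bytes):
    """Hash for at least `seconds`; return (result, M), M = total cycles run."""
    pw = password.encode("utf-8")
    state = hashlib.sha256(salt + pw).digest()
    cycles = 0
    deadline = time.monotonic() + seconds
    while cycles == 0 or time.monotonic() < deadline:
        for _ in range(BATCH):
            state = _cycle(state, pw)
        cycles += BATCH
    return state, cycles

def stretch_for_cycles(password: str, cycles: int, salt: bytes) -> bytes:
    """Recovery path: repeat exactly the stored number of cycles."""
    pw = password.encode("utf-8")
    state = hashlib.sha256(salt + pw).digest()
    for _ in range(cycles):
        state = _cycle(state, pw)
    return state

def derive_aes_key(result: bytes) -> bytes:
    # 32 bytes, usable as an AES-256 key; the label separates it from the raw result.
    return hashlib.sha256(b"aes-key" + result).digest()

def enroll(password: str, seconds: float = 0.05):
    """Return (key, record); only the record (salt and M) is stored, never the key."""
    salt = os.urandom(16)  # assumption: the salt is not part of the abstract
    result, m = stretch_for_time(password, seconds, salt)
    return derive_aes_key(result), {"salt": salt, "M": m}

def recover(password: str, record: dict) -> bytes:
    result = stretch_for_cycles(password, record["M"], record["salt"])
    return derive_aes_key(result)

if __name__ == "__main__":
    key, rec = enroll("constructed sample password")
    print("cycles M:", rec["M"])
    print("recovered:", recover("constructed sample password", rec) == key)
```

Each dictionary guess costs an attacker the same M cycles the enrolling machine spent, which is what the "predetermined time period" buys.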
19 Claims
1. A method for providing for secure storage of a security key, comprising:
- performing a one-way function on a user-provided password for at least a time period to generate a result;
- using the result to generate a password-derived key;
- encrypting the security key with the password-derived key to render an encrypted key; and
- storing the encrypted key.

9. A computer system, comprising:
- at least one memory;
- at least one trusted platform module (TPM), the memory not being part of the TPM; and
- at least one processor executing method acts including;
  - performing a one-way function on a user-supplied password for at least a predetermined time period of sufficient length to render infeasible a dictionary attack on the password;
  - using information derived from the results of the performing act, encrypting at least one TPM key to render an encrypted key;
  - storing the encrypted key in the memory; and
  - providing the TPM key to the TPM.

14. A computer system, comprising:
- means for performing a one-way function on a user-supplied password for a predetermined time period to render a result of a total number of “M” function cycles;
- means for deriving a password-derived key from the result;
- means for encrypting a security key with the password-derived key to render an encrypted key; and
- means for storing the encrypted key and the number “M” of cycles.
Specification