Reply to post: Re: Isn't this...

For $800 you can buy internet engineers' answer to US government spying

Lotaresco Silver badge

Re: Isn't this...

"Isn't this the same as the ASUS TPM (Trusted Platform Module) unit that I bought from Amazon.uk, for £14 odd?"

No, it's not. These are designed and used for different purposes.

A TPM is designed for a limited (but important) range of functions. Firstly, every TPM has a unique RSA key burned into the module. This means that the TPM can offer evidence of identity, which is important if you have a need to prove that your computer is your computer associated with you. There are occasions when that would be extremely useful, such as when ordering Root CA certificates or for transactions where your ID is an important part of the process. TPMs can also protect keys such as full disk encryption keys. They also provide hardware protection against attacks on your passwords. The focus of a TPM is to assure the integrity of your computer and to protect your keys and passwords from attack.

An HSM is designed for two main functions: to protect high value keys for an enterprise and to offload cryptographic calculations. An HSM can perform many more calculations per second than can a server. This permits the use of (say) Elliptic-Curve cryptography for session keys and also supports the use of long RSA keys in systems processing thousands of transactions per second.

An important feature of an HSM is that the administrator never needs to see the keys. These are stored in the HSM and accessed using a key-encryption-key (KEK) with the encryption/decryption of data done within the HSM.
