When using Windows Hello for Business, the PIN isn't a symmetric key, whereas the password is a symmetric key. With passwords, there's a server that has some representation of the password. With Windows Hello for Business, the PIN is user-provided entropy used to load the private key in the Trusted Platform Module (TPM). The server doesn't have a copy of the PIN. For that matter, the Windows client doesn't have a copy of the current PIN either. The user must provide the entropy, the TPM-protected key, and the TPM that generated that key in order to successfully access the private key.

The statement "PIN is stronger than Password" is not directed at the strength of the entropy used by the PIN. It's about the difference between providing entropy versus continuing the use of a symmetric key (the password). The TPM has anti-hammering features that thwart brute-force PIN attacks (an attacker's continuous attempt to try all combinations of PINs). Some organizations may worry about shoulder surfing.
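To make the anti-hammering point concrete, the following added example (not code from the original page or from Windows) models a TPM-style lockout counter and measures how many wrong PINs it will even evaluate in 24 hours. The class `SimulatedTPM`, the function `guesses_evaluated`, the sample PIN, and the policy values (lock after 32 failures, forget one failure every 10 minutes) are assumptions chosen for illustration.

```python
import hashlib, hmac, os

class SimulatedTPM:
    """Toy model of TPM anti-hammering. Constructed; not a real TPM interface."""

    def __init__(self, max_tries=32, heal_seconds=600):  # assumed policy values
        self.max_tries, self.heal_seconds = max_tries, heal_seconds
        self.failures, self.last_heal = 0, 0.0
        self.now = 0.0  # simulated clock in seconds, advanced by the caller

    def create_key(self, pin):
        # Only a salted derivation of the PIN and the private key live inside
        # the model; nothing is handed to a server or stored by the client.
        self._salt = os.urandom(16)
        self._auth = self._derive(pin)
        self._private_key = os.urandom(32)  # placeholder bytes, never exported

    def _derive(self, pin):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 1000)

    def _heal(self):
        # Forget one recorded failure per elapsed heal interval.
        if self.failures == 0:
            self.last_heal = self.now
            return
        healed = int((self.now - self.last_heal) // self.heal_seconds)
        self.failures = max(0, self.failures - healed)
        self.last_heal += healed * self.heal_seconds

    def use_key(self, pin):
        """Return 'ok', 'denied' or 'locked' for one attempt to load the key."""
        self._heal()
        if self.failures >= self.max_tries:
            return "locked"  # refused before the PIN is even checked
        if hmac.compare_digest(self._derive(pin), self._auth):
            return "ok"
        self.failures += 1  # this model does not reset the counter on success
        return "denied"

def guesses_evaluated(tpm, duration_s, wrong_pin="0000"):
    """Count wrong-PIN attempts the model actually checks within duration_s."""
    count, end = 0, tpm.now + duration_s
    while tpm.now < end:
        while tpm.use_key(wrong_pin) == "denied":
            count += 1
        tpm.now += tpm.heal_seconds  # wait one heal interval, then retry
    return count

if __name__ == "__main__":
    tpm = SimulatedTPM()
    tpm.create_key("7391")  # constructed sample PIN
    print(guesses_evaluated(tpm, 24 * 3600), "of 10000 four-digit PINs in 24 h")
```

Under these assumed values the model checks only a small fraction of the four-digit PIN space in a day, and once locked it refuses even the correct PIN until a failure has been forgotten.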