|
|
|
|
|
|
by JoachimS
1372 days ago
|
|
|
No, the USS would be used (mixed in as kfreds stated) during the hash operation. So the hash result would be based in (1) the hash of the application, (2) the unique device secret, and (3) the user supplied secret. The result is called Compound Device Identity in DICE parlance. And is basically CDI = Hash(UDS, Hash(application) + USS) If the application would use the result (called CDI - Compound Device Identity in DICE parlance) to derive a pair of keys, the keys would thus be based on the hardware (the specific device you have), the integrity of the application and what you know. |
|
|