Douglas Lee Schales wrote:
Actually, I think its important to be clear about the differences between TCPA and Palladium. It seems quite obvious that _this version_ of TCPA is not designed (unlike Palladium) to provide DRM, though it is equally clear that they've failed to point out the obvious attack (which is to intercept the content once it has been decrypted, an attack Palladium explicitly defends against). In the meantime, the arguments "demonstrating" their weakness as a DRM platform are rather unsound.In reply to your message dated: Wed, 22 Jan 2003 13:09:30 ESTThis is has descended into the ridiculous. TCPA has been tossed about as being a great coming evil, the end of the open computing world. We finally get some technical information published about TCPA that's not only of keen interest to the Open Source community, but also of use (source code). The only result of this publication is an inane discussion about the use of "hacker" vs "cracker". Get a grip... discuss the technical content!
They make two main points:
1. Variations in BIOS, OS and application will render it impossible to check PCR values. However, this argument also renders the chip useless for its intended purpose (i.e. if the PCR values change, you can no longer unseal your keys!).
2. The chip is vulnerable to power analysis and other advanced trickery. This may be true, but is quite probably not in reach of the ordinary user.
So, one must wonder why they mention these points but not the easy attack (snarf the content after decryption)? Presumably because they intend to close that at some point in the future, so using it as a defence now would be bad. Of course, once that hole is closed TCPA _is_ Palladium.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]