At 9:11 PM +1300 10/28/05, Peter Gutmann wrote:
>The West Coast Labs tests report that they successfully evade all known
>sniffers, which doesn't actually mean much since all it proves is that
>LocalSSL is sufficiently 0-day that none of the sniffers target it yet.  The
>use of SSL to get the keystrokes from the driver to the target app seems
>somewhat silly, if sniffers don't know about LocalSSL then there's no need to
>encrypt the data, and once they do know about it then the encryption won't
>help, they'll just dive in before the encryption happens.

Absent any real data, crypto-dogma :-) says that you need
hardware-encryption, physical sources of randomness, and all sorts of other
stuff to really solve this problem.

On the other hand, such hardware solutions usually come hand-in-hand with
the whole hierarchical is-a-person "PKI" book-entry-to-the-display
I-gotcher-"digital-rights"-right-here-buddy mess, ala Palladium, etc.

Like SSL, then -- and barring the usual genius out there who flips the
whole tortoise over to kill it, which is what you're really asking here --
this thing might work good enough to keep Microsoft/Verisign/et al. in
business a few more years.

To the rubes and newbs, it's like Microsoft adopting TLS, or Intel doing
their current crypto/DRM stuff, which, given the amount iPod/iTunes writes
to their bottom line now, is apparently why Apple really switched from PPC
to Intel now instead of later. You know they're going to do evil, but at
least the *other* malware goes away.

So, sure. SSL to the keys. That way Lotus *still* won't run, and business
gets done in Redmond a little while longer.

Somewhere, Dr. Franklin is laughing, of course...
R. A. Hettinga <mailto: [EMAIL PROTECTED]>
The Internet Bearer Underwriting Corporation <>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
