Re: Dell to Add Security Chip to PCs

2005-02-05 Thread Anne Lynn Wheeler
Peter Gutmann wrote: Neither. Currently they've typically been smart-card cores glued to the MB and accessed via I2C/SMB. and chips that typically have had eal4+ or eal5+ evaluations. hot topic in 2000, 2001 ... at the intel developer's forums and rsa conferences

Re: Using TCPA

2005-02-05 Thread Sean Smith
On Feb 4, 2005, at 6:58 AM, Eric Murray wrote: So a question for the TCPA proponents (or opponents): how would I do that using TCPA? check out enforcer.sourceforge.net We also had a paper at ACSAC 2004 with some of the apps we've built on it. Two things we've built that haven't made it yet to

Re: Dell to Add Security Chip to PCs

2005-02-05 Thread Anne Lynn Wheeler
Erwann ABALEA wrote: I've read your objections. Maybe I wasn't clear. What's wrong in installing a cryptographic device by default on PC motherboards? I work for a PKI 'vendor', and for me, software private keys is a nonsense. How will you convice Mr Smith (or Mme Michu) to buy an expensive CC

Re: Dell to Add Security Chip to PCs

2005-02-05 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Dan Kaminsky writes: Uh, you *really* have no idea how much the black hat community is looking forward to TCPA. For example, Office is going to have core components running inside a protected environment totally immune to antivirus. How? TCPA is only a

Re: Dell to Add Security Chip to PCs

2005-02-05 Thread Mark Allen Earnest
Trei, Peter wrote: It could easily be leveraged to make motherboards which will only run 'authorized' OSs, and OSs which will run only 'authorized' software. And you, the owner of the computer, will NOT neccesarily be the authority which gets to decide what OS and software the machine can run. If

Re: Is 3DES Broken?

2005-02-05 Thread Ian G
John Kelsey wrote: From: Steven M. Bellovin [EMAIL PROTECTED] No, I meant CBC -- there's a birthday paradox attack to watch out for. Yep. In fact, there's a birthday paradox problem for all the standard chaining modes at around 2^{n/2}. For CBC and CFB, this ends up leaking information