Re: Dell to Add Security Chip to PCs

2005-02-05 Thread James A. Donald
-- On 3 Feb 2005 at 22:25, Anonymous wrote: > Now, my personal perspective on this is that this is no real > threat. It allows people who choose to use the capability to > issue reasonably credible and convincing statements about > their software configuration. Basically it allows people to > t

Re: Dell to Add Security Chip to PCs

2005-02-05 Thread Michael Gile
Dan Kaminsky wrote: TCPA eliminates external checks and balances, such as antivirus. As the user, I'm not trusted to audit operations within a TCPA-established sandbox. Antivirus is essentially a user system auditing tool, and TCPA-based systems have these big black boxes AV isn't allowed to a

Re: Is 3DES Broken?

2005-02-05 Thread Ian G
John Kelsey wrote: From: "Steven M. Bellovin" <[EMAIL PROTECTED]> No, I meant CBC -- there's a birthday paradox attack to watch out for. Yep. In fact, there's a birthday paradox problem for all the standard chaining modes at around 2^{n/2}. For CBC and CFB, this ends up leaking information

Re: Dell to Add Security Chip to PCs

2005-02-05 Thread Mark Allen Earnest
Trei, Peter wrote: It could easily be leveraged to make motherboards which will only run 'authorized' OSs, and OSs which will run only 'authorized' software. And you, the owner of the computer, will NOT necessarily be the authority which gets to decide what OS and software the machine can run. If y

Re: Is 3DES Broken?

2005-02-05 Thread Greg Rose
At 09:55 2005-02-03 -0500, John Kelsey wrote: >From: "Steven M. Bellovin" <[EMAIL PROTECTED]> >Sent: Feb 2, 2005 1:39 PM >To: bear <[EMAIL PROTECTED]> >Cc: Aram Perez <[EMAIL PROTECTED]>, Cryptography >Subject: Re: Is 3DES Broken? ... >>I think you meant ECB mode? >No, I meant CBC -- there's a bir

Re: Dell to Add Security Chip to PCs

2005-02-05 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, Dan Kaminsky writes: > >>>Uh, you *really* have no idea how much the black hat community is >>>looking forward to TCPA. For example, Office is going to have core >>>components running inside a protected environment totally immune to >>>antivirus. >>> >>> >> >>Ho

Re: Dell to Add Security Chip to PCs

2005-02-05 Thread Dan Kaminsky
The best that can happen with TCPA is pretty good - it could stop a lot of viruses and malware, for one thing. No, it can't. That's the point; it's not like the code running inside the sandbox becomes magically exploitproof...it just becomes totally opaque to any external auditor. A black h

Re: Dell to Add Security Chip to PCs

2005-02-05 Thread Anne & Lynn Wheeler
Erwann ABALEA wrote: > I've read your objections. Maybe I wasn't clear. What's wrong in installing a cryptographic device by default on PC motherboards? I work for a PKI 'vendor', and for me, software private keys is a nonsense. How will you convince "Mr Smith" (or Mme Michu) to buy an expensive CC

Re: Using TCPA

2005-02-05 Thread Sean Smith
On Feb 4, 2005, at 6:58 AM, Eric Murray wrote: So a question for the TCPA proponents (or opponents): how would I do that using TCPA? check out enforcer.sourceforge.net We also had a paper at ACSAC 2004 with some of the apps we've built on it. Two things we've built that haven't made it yet to th

Re: Dell to Add Security Chip to PCs

2005-02-05 Thread Anne & Lynn Wheeler
Peter Gutmann wrote: Neither. Currently they've typically been smart-card cores glued to the MB and accessed via I2C/SMB. and chips that typically have had eal4+ or eal5+ evaluations. hot topic in 2000, 2001 ... at the intel developer's forums and rsa conferences ---