Re: Any comments on BlueGem's LocalSSL?

2005-10-31 Thread R.A. Hettinga
At 7:51 PM -0400 10/28/05, R.A. Hettinga wrote:
>OTOH, if markets overtake the DRM issue,
^" moot", was what I meant to say...

Anyway, you get the idea.

Cheers,
RAH

-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'



Re: Any comments on BlueGem's LocalSSL?

2005-10-31 Thread R.A. Hettinga
At 11:10 AM -0700 10/28/05, James A. Donald wrote:
>I am a reluctant convert to DRM.  At least with DRM, we
>face a smaller number of threats.

I have had it explained to me, many times more than I want to remember,
:-), that strong crypto is strong crypto.

It's not that I'm unconvinceable, but I'm still unconvinced, on the balance.

OTOH, if markets overtake the DRM issue, as most cypherpunks I've talked to
think, then we still have lots of leftover installed crypto to play around
with.

Cheers,
RAH
Who still thinks that digital proctology is not the same thing as financial
cryptography.
-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'



Re: Any comments on BlueGem's LocalSSL?

2005-10-28 Thread James A. Donald
--
"R.A. Hettinga" <[EMAIL PROTECTED]>
> Intel doing their current crypto/DRM stuff, [...] You
> know they're going to do evil, but at least the
> *other* malware goes away.

I am a reluctant convert to DRM.  At least with DRM, we
face a smaller number of threats.


--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 ctySJF5hgF1q9fil61pohBVLfj/aT4jWZ/KUf29x
 4GuXiNXRF+nY3+3LFo8YpvV4w1S5dwf+LcuAsZWWe



Re: Any comments on BlueGem's LocalSSL?

2005-10-28 Thread R.A. Hettinga
At 9:11 PM +1300 10/28/05, Peter Gutmann wrote:
>The West Coast Labs tests report that they successfully evade all known
>sniffers, which doesn't actually mean much since all it proves is that
>LocalSSL is sufficiently 0-day that none of the sniffers target it yet.  The
>use of SSL to get the keystrokes from the driver to the target app seems
>somewhat silly, if sniffers don't know about LocalSSL then there's no need to
>encrypt the data, and once they do know about it then the encryption won't
>help, they'll just dive in before the encryption happens.

Absent any real data, crypto-dogma :-) says that you need
hardware-encryption, physical sources of randomness, and all sorts of other
stuff to really solve this problem.

On the other hand, such hardware solutions usually come hand-in-hand with
the whole hierarchical is-a-person "PKI" book-entry-to-the-display
I-gotcher-"digital-rights"-right-here-buddy mess, ala Palladium, etc.

Like SSL, then -- and barring the usual genius out there who flips the
whole tortoise over to kill it, which is what you're really asking here --
this thing might work good enough to keep Microsoft/Verisign/et al. in
business a few more years.

To the rubes and newbs, it's like Microsoft adopting TLS, or Intel doing
their current crypto/DRM stuff, which, given the amount iPod/iTunes writes
to their bottom line now, is apparently why Apple really switched from PPC
to Intel now instead of later. You know they're going to do evil, but at
least the *other* malware goes away.

So, sure. SSL to the keys. That way Lotus *still* won't run, and business
gets done in Redmond a little while longer.

Cheers,
RAH
Somewhere, Dr. Franklin is laughing, of course...
-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'



Any comments on BlueGem's LocalSSL?

2005-10-28 Thread Peter Gutmann
http://www.bluegemsecurity.com/ claims that they can encrypt data from the
keyboard to the web browser, bypassing trojans and sniffers, however the web
pages are completely lacking in any detail on what they're actually doing.
From reports published by West Coast Labs, it's a purely software-only
solution that consists of some sort of (Win9x/Win2K/XP only) low-level
keyboard driver interface that bypasses the standard Windows user-level
interface and sends keystrokes directly to the application, in the same way
that a number of OTFE packages directly access the keyboard driver to try and
evade sniffers.

The West Coast Labs tests report that they successfully evade all known
sniffers, which doesn't actually mean much since all it proves is that
LocalSSL is sufficiently 0-day that none of the sniffers target it yet.  The
use of SSL to get the keystrokes from the driver to the target app seems
somewhat silly, if sniffers don't know about LocalSSL then there's no need to
encrypt the data, and once they do know about it then the encryption won't
help, they'll just dive in before the encryption happens.

Anyone else have any additional information/comments about this?

Peter.