lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Fri Dec 16 00:07:22 2005
From: jeroen at unfix.org (Jeroen Massar)
Subject: TPM - will it work as pushed to the public?

Valdis.Kletnieks@...edu wrote:
> On Thu, 15 Dec 2005 12:47:10 CST, Todd Towles said:
> 
>> http://www.msnbc.msn.com/ID/10441443
>>
>> Is it me or is this totally not going to work for normal people?
> 
> You totally missed the point (which the TPM proponents *are* trying hard to
> gloss over, so it's not surprising)...
> 
> TPM isn't about protecting you.  It's about protecting the owner of the DRM
> and related crap that will be forced down your throat.

Indeed it is more for them to protect their intellectual property than
anything else. But I guess most people, who want to earn a living coding
software and building hardware (or managing music artists ;) actually
will be happy with that. People with a less fatter wallet, or who never
coded a line, never spent time on playing an instrument won't be that
happy with it ;) IPR is IMHO more about respecting the authors than
anything else. Usually the person who actually did the work get peeped
over the money issue anyway. "Meja - It's all about the money" :)

The 'point' made about running a VNC to 'inject' and take over is not
(supposed to be ;) true for TPM protected devices. These devices, eg
keyboard/mouse/fingerprint scanners/etc run in the 'tpm protected
channel' and only trusted applications should have access to them, not
your trojan VNC. Of course that is what it is supposed to do,
OpenBSD/Windows/Linux/Solaris/AIX/<your favourite OS> is also supposed
to be secure and everybody finds a bug there. But TPM does help to make
it a bit more difficult ;)

I will also not be surprised for some company who is against TPM to
create a contest with some nice prize money award to crack it wide open.

Greets,
 Jeroen

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 238 bytes
Desc: OpenPGP digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051216/f2b21d21/signature.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ