lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20021220142437.GG2338@localhost>
From: Simon.Richter at hogyros.de (Simon Richter)
Subject: Trustworthy Computing Mini-Poll

Hi,

On Fri, Dec 20, 2002 at 02:47:59AM +0100, yossarian wrote:
>> Would you buy/use it if you had the choice? I mean, there are a lot of
>> advantages... :-)

> Now you've got me interested - what advantages is TCPA offering me?

We're currently talking about the (hypothetical) features of the
hardware in my questionnaire -- i.e. CPUs that support a "web of trust" or
at least require a signature from the computer's owner or a trusted
third party (designated by the owner). I.e. not TCPA, but what TCPA
should be, and could be if someone pushed hard enough in that direction,
since it does what the TCPA is all about -- copy protection and trusted
executables -- however it creates a free market in which customers can
decide what to buy. 

> What
> features will my new computer have, that will convince me to lose certain
> options I have right now - playing music, copying what I like, etc?.

I'd say protection from binary viruses and stack overflows, plus if
someone breaks into your computer and you have stored your key in a safe
place you can tell what she modified. So this would be a definitve must
if you're builing a server, and I'm asking now whether you would like
those features on your home box as well, even if you had to give up DVD
copying or get special illegal hardware for it.

Basically I'm on your side -- but I fear that if noone speaks up and
points out a better alternative, we will be stuck with TCPA as it
currently is, and lose the options we currently have anyway (since we
cannot decrypt stuff from the Internet or from DVDs on our hardware). So
I'm searching for a better alternative. I'm ignoring all the copy
protection stuff since it will be broken withing a few moths anyway, and
just concentrate on the stuff M$ invented against the OSS people.

> It
> should so very good it will convince me to actually trow away my old
> computers that can do all this evil things. I could still use them and just
> buy a new one for all the new goodies, hwatever they might be?

Your old computers cannot do evil things -- they cannot access media
created since the TCPA rollout.

> support - do you think that peripheral makers are going to stop supporting
> non-TCPA operating systems? They might, but it will mean they'll also loose
> customers.

Most of them will need to start supporting other OSes first. Also, as a
hardware vendor, you may not support non-TCPA OSes, except if you take
care that no unencrypted data leaves the sandbox (which makes the
hardware pretty unusable).

   Simon

-- 
GPG Fingerprint: 040E B5F7 84F1 4FBC CEAD  ADC6 18A0 CC8D 5706 A4B4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20021220/46ec217e/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ