lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <3E074B9A.9020501@guninski.com>
From: guninski at guninski.com (Georgi Guninski)
Subject: Trustworthy Computing Mini-Poll

Bruce Ediger wrote:

> On Sun, 22 Dec 2002, Simon Richter wrote:
>
>
> >I believe they have thought about this. Trusted software can only be
> >debugged on a special "developer" machine. My personal favourite would
> >be the "carefully crafted" DVD, which uses a buffer overflow in a player
> >routine (where people optimize for speed over security anyway). :-)
>
>
> So, let me get this straight:
>
> (1) TCPA will only protect us against the what's traditionally been
> the least virulent form of computer viruses, file infectors.
> (2) TCPA won't help the spam situation.
> (3) Only specially licensed machines can run a debugger.
> (4) TCPA machines won't allow us to copy arbitrary files - the hardware
> or something prevents us from copying some "magic" files.
>
> The upshot of #3 seems like "you can compile programs only if you you've
> got a special license", but I don't know if the whole thing goes that far.
>
> Why on earth would I pay money for such a deliberately, cynically crippled
> piece of hardware?  "Sure, Mr Gates and Mr Grove!  I'll pay a thousand
> dollars for your new Tee Vee I mean Pee Cee!"  You've got to be kidding
> about all this.  Surely a free market won't allow this kind of crippling
> to take place - it will have to be performed by some kind of government
> fiat.
>

IMHO they can't do it technologically right. It will be the same sh*t as now.
Just check the m$ advisory which states - "remove microsoft from the trusted 
publishers". lol. And funny things may happen if an important key gets 
compromised as it have happened before.
Also there is great chance it will piss off even microsoft certified solitaire 
experts.
Judging from the amount of spam which offers to "copy any dvd to cd", it will be 
broken as soon as a beta is out if not earlier.

georgi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ