Peter N. Biddle wrote: >[...] You can still extract everything in Pd via a HW attack. [...] > >How is this BORE resistant? The Pd security model is BORE resistant for a >unique secret protected by a unique key on a given machine. Your hack on >your machine won't let you learn the secrets on my machine; to me that's >BORE resistant. [...]
Yes, but... For me, BORE (Break Once Run Everywhere) depends on the application. You can't analyze Palladium in isolation, without looking at the app, too. It doesn't make sense to say "Palladium isn't susceptible to BORE attacks", if the applications themselves are subject to BORE attacks. For example, if a record company builds an app that stores a MP3 of the latest Britney Spears song in a Palladium vault, then this app will be susceptible to BORE attacks. Extracting that MP3 from any one machine suffices to spread it around the world. It won't comfort the record company much to note that the attacker didn't learn the Palladium crypto keys living on other machines; the damage has already been done. Palladium doesn't make DRM resistant to BORE attacks. It can't. In short, there are some applications that Palladium can't make BORE-resistant. Some apps (e.g., DRM) are simply fundamentally fragile. Maybe a more interesting question is: For which apps does Palladium provide resistance against BORE attacks that is not available by other means? --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
