Re: IBM to built crypto-on-a-chip into all its PCs
In <[EMAIL PROTECTED]>, on 09/30/99
   at 11:39 AM, Damien Miller <[EMAIL PROTECTED]> said:

>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA1

>On Tue, 28 Sep 1999, William H. Geiger III wrote:

>> In, on 09/27/99
>>at 03:41 PM, Robert Hettinga <[EMAIL PROTECTED]> said:
>>
>> >Probably IBM will first want to see how attractive the technology is to
>> >punters. At least the approach of using an ancillary encryption chip
>> >should keep IBM safe from the nightmare Intel faced when it attempted to
>> >railroad CPU ID numbers on users.
>>
>> No Code == No Trust!
>>
>> This has all the security/trust problems that Intel's RNG does and more. I
>> wouldn't touch this thing with a ten foot pole.

>I don't see what this paranoia gains you.

If you haven't noticed this is a business of paranoia.

>If you do not trust the crypto processor then you should throw the whole
>machine out - there are *so* many other ways that IBM could have
>compromised the system.

So you suggest the head in the sand approach? There are so many different
ways a system can be compromised so we will just ignore them all? Surely
you are not naive enough to blindly trust someone's crypto black box just
because they say it's secure?

--
---
William H. Geiger III  http://www.openpgp.net
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html
Talk About PGP on IRC EFNet Channel: #pgp Nick: whgiii

Hi Jeff!! :)
---
Re: IBM to built crypto-on-a-chip into all its PCs
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, 29 Sep 1999, William H. Geiger III wrote:

> >If you do not trust the crypto processor then you should throw the whole
> >machine out - there are *so* many other ways that IBM could have
> >compromised the system.
>
> So you suggest the head in the sand approach? There are so many different
> ways a system can be compromised so we will just ignore them all? Surely
> you are not naive enough to blindly trust someone's crypto black box just
> because they say it's secure?

Surely you are not naive enough to blindly trust someone's black box of a
CPU just because they say it does not contain trapdoors? This applies even
more so for operating systems.

Have you audited every line of Warp 4.0? Of course not, but you are willing
to rant about the alleged insecurity of a crypto chip by the very same
vendor.

You don't see the inconsistency?

Regards,
Damien Miller

- --
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.ilogic.com.au/~dmiller
| Email: [EMAIL PROTECTED] (home) -or- [EMAIL PROTECTED] (work)

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE38t6QormJ9RG1dI8RAguOAKCa5hMRymU0i+dq31qR/Vseobmc8gCfegXY
80q/C5xn1dVVDcBNoSJ4yoU=
=8iQs
-END PGP SIGNATURE-
Re: IBM to built crypto-on-a-chip into all its PCs
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, 28 Sep 1999, William H. Geiger III wrote:

> In, on 09/27/99
>at 03:41 PM, Robert Hettinga <[EMAIL PROTECTED]> said:
>
> >Probably IBM will first want to see how attractive the technology is to
> >punters. At least the approach of using an ancillary encryption chip
> >should keep IBM safe from the nightmare Intel faced when it attempted to
> >railroad CPU ID numbers on users.
>
> No Code == No Trust!
>
> This has all the security/trust problems that Intel's RNG does and more. I
> wouldn't touch this thing with a ten foot pole.

I don't see what this paranoia gains you.

If you do not trust the crypto processor then you should throw the whole
machine out - there are *so* many other ways that IBM could have
compromised the system.

This is doubly interesting given your choice of operating system (as
mentioned in your .sig).

Regards,
Damien Miller

- --
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.ilogic.com.au/~dmiller
| Email: [EMAIL PROTECTED] (home) -or- [EMAIL PROTECTED] (work)

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE38r9IormJ9RG1dI8RAlKbAJ0ZfyuIjjyJ8MYfD0K5r/c/ieHtQwCggqcf
Iu2q9DmK5cLmtKSUWceJras=
=Ok+o
-END PGP SIGNATURE-
Re: IBM to built crypto-on-a-chip into all its PCs
In, on 09/27/99
   at 03:41 PM, Robert Hettinga <[EMAIL PROTECTED]> said:

>Probably IBM will first want to see how attractive the technology is to
>punters. At least the approach of using an ancillary encryption chip
>should keep IBM safe from the nightmare Intel faced when it attempted to
>railroad CPU ID numbers on users.

No Code == No Trust!

This has all the security/trust problems that Intel's RNG does and more. I
wouldn't touch this thing with a ten foot pole.

---
William H. Geiger III  http://www.openpgp.net
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html
Talk About PGP on IRC EFNet Channel: #pgp Nick: whgiii

Hi Jeff!! :)
---
IBM to built crypto-on-a-chip into all its PCs
--- begin forwarded text

Date: Mon, 27 Sep 1999 17:01:05 +0100
From: Somebody
To: [EMAIL PROTECTED]
Subject: IBM to built crypto-on-a-chip into all its PCs

Posted 27/09/99 12:09pm by Tony Smith

IBM to built crypto-on-a-chip into all its PCs
http://www.theregister.co.uk/990927-12.html

IBM will tomorrow launch an all-in-one encryption chip designed to protect
documents stored on desktop PCs and servers.

The chip, as yet unnamed, will be initially installed in IBM's 300PL PC,
but will soon be built into the company's full line of desktop systems.
Actually, the 300PL may not feature the new chip since it's based on
Intel's i820 chipset and, as Intel revealed today,
<http://www.theregister.co.uk/990927-11.html> the i820's release has been
delayed indefinitely.

IBM said users will pay no more for a hardware encryption-enabled PC than
they will for a machine without the chip.

In addition to handling key encryption -- the technology most usually
associated with document protection -- the chip will also generate and
verify digital signatures.

IBM's plan is clearly to make its machines more appealing to the growing
number of computer users buying desktops solely to surf the Internet and do
a little online shopping. The move should also make its PCs more attractive
to companies performing business-to-business transactions over the Net.

Of course, Big Blue is keen to be seen as acting in everyone's interest
here, which is why the company's general manager for desktop systems, Anne
Gardner, told Reuters: "We want this to become an industry standard. We
want this on as many desktops as possible."

However, IBM clearly wants to retain a lead, which no doubt explains
Gardner's reluctance to discuss any plans the company may have to licence
the technology to motherboard vendors. All she would say on the subject was
a vague "you may see something along those lines in the future".

Probably IBM will first want to see how attractive the technology is to
punters. At least the approach of using an ancillary encryption chip should
keep IBM safe from the nightmare Intel faced when it attempted to railroad
CPU ID numbers on users.

--- end forwarded text

-
Robert A. Hettinga
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'