Re: Dell to Add Security Chip to PCs

2005-02-03 Thread Ian G
Erwann ABALEA wrote:

> On Wed, 2 Feb 2005, Trei, Peter wrote:
>
> > Seeing as it comes out of the TCG, this is almost certainly
> > the enabling hardware for Palladium/NGSCB. It's a part of
> > your computer which you may not have full control over.
>
> Please stop relaying FUD. You have full control over your PC, even if this
> one is equipped with a TCPA chip. See the TCPA chip as a hardware security
> module integrated into your PC. An API exists to use it, and one of the
> functions of this API is 'take ownership', which has the effect of
> erasing it and regenerating new internal keys.

So .. the way this works is that Dell & Microsoft
ship you a computer with lots of nice multimedia
stuff on it.  You take control of your chip by erasing
it and regenerating keys, and then the multimedia
software that you paid for no longer works?

I'm just curious on this point.  I haven't seen much
to indicate that Microsoft and others are ready
for a nymous, tradeable software assets world.

iang
--
News and views on what matters in finance+crypto:
   http://financialcryptography.com/


Re: Dell to Add Security Chip to PCs

2005-02-03 Thread Eugen Leitl
On Wed, Feb 02, 2005 at 05:30:33PM +0100, Erwann ABALEA wrote:

> Please stop relaying FUD. You have full control over your PC, even if this

Please stop relaying pro-DRM pabulum. The only reason for Nagscab is
restricting the user's rights to his own files.

Of course there are other reasons for having crypto compartments in your
machine, but the reason Dell/IBM is rolling them out is not that.

> one is equipped with a TCPA chip. See the TCPA chip as a hardware security
> module integrated into your PC. An API exists to use it, and one of the
> functions of this API is 'take ownership', which has the effect of
> erasing it and regenerating new internal keys.

Really? How interesting. Please tell us more.

-- 
Eugen* Leitl http://leitl.org
__
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net






Jim Bell WMD Threat

2005-02-03 Thread John Young
The FBI continues to claim Jim Bell is a WMD threat
despite having no case against him except in the media,
but that conforms to current FBI/DHS policy of fictionalizing
homeland threats.


http://www.edgewood.army.mil/downloads/bwirp/mdc_appendix_b02.pdf

See page 16.

This document was initially prepared in June 2002, updated in June
2003. 



RE: Jim Bell WMD Threat

2005-02-03 Thread Tyler Durden
Some of that is actually pretty funny, like "Mixed in with food served to 
ex-girlfriend".

It really boils down to drumming up a stable gig for yourself.
-TD

From: John Young <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Jim Bell WMD Threat
Date: Wed, 02 Feb 2005 19:43:52 -0800

The FBI continues to claim Jim Bell is a WMD threat
despite having no case against him except in the media,
but that conforms to current FBI/DHS policy of fictionalizing
homeland threats.

http://www.edgewood.army.mil/downloads/bwirp/mdc_appendix_b02.pdf

See page 16.

This document was initially prepared in June 2002, updated in June
2003.



RE: Dell to Add Security Chip to PCs

2005-02-03 Thread Trei, Peter
Erwann ABALEA
> On Wed, 2 Feb 2005, Trei, Peter wrote:
> 
> > Seeing as it comes out of the TCG, this is almost certainly
> > the enabling hardware for Palladium/NGSCB. It's a part of
> > your computer which you may not have full control over.
> 
> Please stop relaying FUD. You have full control 
> over your PC, even if this one is equipped with 
> a TCPA chip. See the TCPA chip as a hardware 
> security module integrated into your PC. An API 
> exists to use it, and one of the functions of 
> this API is 'take ownership', which has the effect of
> erasing it and regenerating new internal keys.

Congratulations on your new baby.

Working in the security business, paranoia is pretty
much a job requirement. "What's the worst that could 
happen?" is taken seriously.

The best that can happen with TCPA is pretty good -
it could stop a lot of viruses and malware, for one
thing.

But the worst that can happen with TCPA is 
pretty awful.

It could easily be leveraged to make motherboards
which will only run 'authorized' OSs, and OSs
which will run only 'authorized' software.

And you, the owner of the computer, will NOT
necessarily be the authority which gets to decide
what OS and software the machine can run.

If you 'take ownership' as you put it, the internal
keys and certs change, and all of a sudden you
might not have a bootable computer anymore.

Goodbye Linux.
Goodbye Freeware.
Goodbye independent software development.

It would be a very sad world if this comes
to pass.

Peter Trei



Re: Dell to Add Security Chip to PCs

2005-02-03 Thread Dan Kaminsky
Uh, you *really* have no idea how much the black hat community is 
looking forward to TCPA.  For example, Office is going to have core 
components running inside a protected environment totally immune to 
antivirus.  Since these components are going to be managing 
cryptographic operations, the "well defined API" exposed from within the 
sandbox will have arbitrary content going in, and opaque content coming 
out.  Malware goes in (there's not an executable environment created that 
can't be exploited), sets up shop, has no need to be stealthy due to the 
complete blockage of AV monitors and cleaners, and does what it wants to 
the plaintext and ciphertext (alters content, changes keys) before 
emitting it back out the opaque outbound interface.

So, no FUD, you lose :)
--Dan

Erwann ABALEA wrote:

> On Wed, 2 Feb 2005, Trei, Peter wrote:
>
> > Seeing as it comes out of the TCG, this is almost certainly
> > the enabling hardware for Palladium/NGSCB. It's a part of
> > your computer which you may not have full control over.
>
> Please stop relaying FUD. You have full control over your PC, even if this
> one is equipped with a TCPA chip. See the TCPA chip as a hardware security
> module integrated into your PC. An API exists to use it, and one of the
> functions of this API is 'take ownership', which has the effect of
> erasing it and regenerating new internal keys.




RE: Dell to Add Security Chip to PCs

2005-02-03 Thread Peter Gutmann
"Tyler Durden" <[EMAIL PROTECTED]> writes:
 
>That "chip"...is it likely to be an ASIC or is there already such a thing as
>a security network processor? (ie, a cheaper network processor that only
>handles security apps, etc...)
> 
>Or could it be an FPGA?

Neither.  Currently they've typically been smart-card cores glued to the 
MB and accessed via I2C/SMB.

Peter.



RE: Dell to Add Security Chip to PCs

2005-02-03 Thread Jay Sulzberger

On Wed, 2 Feb 2005, Erwann ABALEA wrote:

> On Wed, 2 Feb 2005, Trei, Peter wrote:
>
> > Seeing as it comes out of the TCG, this is almost certainly
> > the enabling hardware for Palladium/NGSCB. It's a part of
> > your computer which you may not have full control over.
>
> Please stop relaying FUD. You have full control over your PC, even if this
> one is equipped with a TCPA chip. See the TCPA chip as a hardware security
> module integrated into your PC. An API exists to use it, and one of the
> functions of this API is 'take ownership', which has the effect of
> erasing it and regenerating new internal keys.
>
> --
> Erwann ABALEA <[EMAIL PROTECTED]> - RSA PGP Key ID: 0x2D0EABD5

After TCPA systems are the only systems for sale at CompUSA, how long
before this off switch is removed?  All agree we live in a time of crisis;
at any moment MICROSOFT/RIAA/MPAA/HOMSECPOL/CONGREGATIONOFMARTYRS may
require of all of us an attestation of faith and obedience greater and more
secure than present hardware can convincingly convey.

oo--JS.


Re: Dell to Add Security Chip to PCs

2005-02-03 Thread Erwann ABALEA
On Wed, 2 Feb 2005, Dan Kaminsky wrote:

> Uh, you *really* have no idea how much the black hat community is
> looking forward to TCPA.  For example, Office is going to have core
> components running inside a protected environment totally immune to
> antivirus.

How? TCPA is only a cryptographic device, and some BIOS code, nothing
else. Does the coming of TCPA chips eliminate the bugs, buffer overflows,
stack overflows, or any other way to execute arbitrary code? If yes, isn't
that a wonderful thing? Obviously it doesn't (eliminate bugs and so on).

>  Since these components are going to be managing
> cryptographic operations, the "well defined API" exposed from within the
> sandbox will have arbitrary content going in, and opaque content coming
> out.  Malware goes in (there's not an executable environment created that
> can't be exploited), sets up shop, has no need to be stealthy due to the
> complete blockage of AV monitors and cleaners, and does what it wants to
> the plaintext and ciphertext (alters content, changes keys) before
> emitting it back out the opaque outbound interface.

I use cryptographic devices every day, and TCPA is not different than the
present situation. No better, no worse.

-- 
Erwann ABALEA <[EMAIL PROTECTED]> - RSA PGP Key ID: 0x2D0EABD5



RE: Dell to Add Security Chip to PCs

2005-02-03 Thread Erwann ABALEA
Hello,

On Wed, 2 Feb 2005, Erwann ABALEA wrote:

> On Wed, 2 Feb 2005, Trei, Peter wrote:
>
> > Seeing as it comes out of the TCG, this is almost certainly
> > the enabling hardware for Palladium/NGSCB. It's a part of
> > your computer which you may not have full control over.
>
> Please stop relaying FUD. You have full control over your PC, even if this
> one is equipped with a TCPA chip. See the TCPA chip as a hardware security
> module integrated into your PC. An API exists to use it, and one of the
> functions of this API is 'take ownership', which has the effect of
> erasing it and regenerating new internal keys.

I've read your objections. Maybe I wasn't clear. What's wrong in
installing a cryptographic device by default on PC motherboards?
I work for a PKI 'vendor', and for me, software private keys are
nonsense. How will you convince "Mr Smith" (or Mme Michu) to buy an
expensive CC EAL4+ evaluated token, install the drivers, and solve the
inevitable conflicts that will occur, simply to store his private key? You
first have to be good to convince him to justify the extra expense.
If a standard secure hardware cryptographic device is installed by default
on PCs, it's OK! You could obviously say that Mr Smith won't be able to
move his certificates from machine A to machine B, but more than 98% of
the time, Mr Smith doesn't need to do that.

Installing a TCPA chip is not a bad idea. It is as 'trustable' as any
other cryptographic device, internal or external. What is bad is accepting
to buy a software that you won't be able to use if you decide to claim
your ownership... Palladium is bad, TCPA is not bad. Don't confuse the
two.

-- 
Erwann ABALEA <[EMAIL PROTECTED]> - RSA PGP Key ID: 0x2D0EABD5



Re: Dell to Add Security Chip to PCs

2005-02-03 Thread Ed Reed
>>> Ian G <[EMAIL PROTECTED]> 2/2/2005 6:38:46 PM >>>
> I'm just curious on this point.  I haven't seen much
> to indicate that Microsoft and others are ready
> for a nymous, tradeable software assets world.

No, and neither are corporate customers, to a large extent.

Accountability is, in fact, a treasured property of business computing.

Lack of accountability creates things like Enron, Anderson Consulting,
Oil-for-Food scams, and the missing 9 billion dollars or so of
reconstruction aid.  It's the fuel that propels SPAM, graft, and
identity theft.

What I've not seen is much work providing accountability for anonymous
transactions.

It's a shame people persist in thinking a single solution will satisfy
everyone, as though computing was somehow different from everything else
in life.

Ed



RE: Dell to Add Security Chip to PCs

2005-02-03 Thread Tyler Durden
Ah. That's a good sanity check. Like I said I'm by no means an expert but I 
considered it highly unlikely they'd use a dedicated crypto ASIC in this 
context.

-TD

From: [EMAIL PROTECTED] (Peter Gutmann)
To: [EMAIL PROTECTED], cryptography@metzdowd.com, [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: RE: Dell to Add Security Chip to PCs
Date: Thu, 03 Feb 2005 17:53:22 +1300

"Tyler Durden" <[EMAIL PROTECTED]> writes:

>That "chip"...is it likely to be an ASIC or is there already such a thing as
>a security network processor? (ie, a cheaper network processor that only
>handles security apps, etc...)
>
>Or could it be an FPGA?

Neither.  Currently they've typically been smart-card cores glued to the
MB and accessed via I2C/SMB.

Peter.



RE: Dell to Add Security Chip to PCs

2005-02-03 Thread Erwann ABALEA
On Thu, 3 Feb 2005, Jay Sulzberger wrote:

> On Wed, 2 Feb 2005, Erwann ABALEA wrote:
>
> > On Wed, 2 Feb 2005, Trei, Peter wrote:
> >
> >> Seeing as it comes out of the TCG, this is almost certainly
> >> the enabling hardware for Palladium/NGSCB. It's a part of
> >> your computer which you may not have full control over.
> >
> > Please stop relaying FUD. You have full control over your PC, even if this
> > one is equipped with a TCPA chip. See the TCPA chip as a hardware security
> > module integrated into your PC. An API exists to use it, and one of the
> > functions of this API is 'take ownership', which has the effect of
> > erasing it and regenerating new internal keys.
>
> After TCPA systems are the only systems for sale at CompUSA, how long
> before this off switch is removed?  All agree we live in a time of crisis;
> at any moment MICROSOFT/RIAA/MPAA/HOMSECPOL/CONGREGATIONOFMARTYRS may
> require of all of us an attestation of faith and obedience greater and more
> secure than present hardware can convincingly convey.

And do you seriously think that "you can't do that, it's technically not
possible" is a good answer? That's what you're saying. For me, a better
answer is "you don't have the right to deny my ownership".

-- 
Erwann ABALEA <[EMAIL PROTECTED]> - RSA PGP Key ID: 0x2D0EABD5