RE: TCPA hack delay appeal

2002-08-16 Thread Lucky Green

AARG! wrote:

> It seems that there is (a rather brilliant) way to bypass
> TCPA (as spec-ed.) I learned about it from two separate
> sources, looks like two independent slightly different hacks
> based on the same protocol flaw.
>
> Undoubtedly, more people will figure this out.

Hopefully some of those people will not limit themselves to hypothetical
attacks against The Spec, but will actually test those supposed attacks
on shipping TPMs. Which are readily available in high-end IBM laptops.

--Lucky Green




RE: TCPA hack delay appeal

2002-08-16 Thread Mike Rosing

On Thu, 15 Aug 2002, Lucky Green wrote:

> Hopefully some of those people will not limit themselves to hypothetical
> attacks against The Spec, but will actually test those supposed attacks
> on shipping TPMs. Which are readily available in high-end IBM laptops.

But doesn't the owner of the box create the master key for it?  They
imply that in their advertising, but I've not seen anything else
about it.  It was advertised to be protection for corporate data, not
a DRM/control type thing.  It would be very interesting to know the
details on that.

I found this:
http://www.pc.ibm.com/ww/resources/security/securitychip.html
but the link to IBM Embedded Security Subsystem goes to page
not found.

but this one:
http://www.pc.ibm.com/ww/resources/security/secdownload.html
says in part:
IBM Client Security Software is available via download from the Internet
to support IBM NetVista and ThinkPad models equipped with the Embedded
Security Subsystem and the new TCPA-compliant Embedded Security Subsystem
2.0. By downloading the software after the systems have been shipped, the
customer can be assured that no unauthorized parties have knowledge of the
keys and pass phrases designated by the customer.

So it looks like IBM is ahead of Microsoft on this one.  But if
TCPA isn't fully formalized, what does TCPA-compliant mean?

In any case, they imply here that the customer needs to contact
IBM to turn the thing on, so it does seem that IBM has some kind
of master key for the portable.  I wonder if they mean IBM is
authorized to know the customer's keys?

Patience, persistence, truth,
Dr. mike




TCPA hack delay appeal

2002-08-15 Thread AARG! Anonymous

It seems that there is (a rather brilliant) way to bypass TCPA (as spec-ed.) I learned 
about it from two separate sources, looks like two independent slightly different 
hacks based on the same protocol flaw.

Undoubtedly, more people will figure this out.

It seems wise to suppress the urge and craving for fame and NOT to publish the 
findings at this time. Let them build the thing into a zillion chips first. If you must,
post the encrypted time-stamped solution identifying you as the author but do not 
release the key before TCPA is in many, many PCs.