Re: Palladium -- trivially weak in hw but "secure in software"?? (Re: palladium presentation - anyone going?)

> Software-based attacks are redistributable. Once I write a program > that hacks a computer, I can give that program to anyone to use. I > can even give it to everyone, and then anyone could use it. The > expertise necessary can be abstracted away into a program even my > mother could use. > >

Re: Palladium -- trivially weak in hw but "secure in software"??(Re: palladium presentation - anyone going?)

At 4:52 PM +0100 10/22/02, Adam Back wrote: Remote attestation does indeed require Palladium to be secure against the local user.  However my point is while they seem to have done a good job of providing software security for the remote attestation function, it seems at this point that hardware s

Re: Palladium -- trivially weak in hw but "secure in software"??(Re: palladium presentation - anyone going?)

On Tue, 22 Oct 2002, Rick Wash wrote: > Hardware-based attacks cannot be redistributed. If I figure out how > to hack my system, I can post instructions on the web but it still > requires techinical competence on your end if you want to hack your > system too. > > While this doesn't help a whole

Re: Palladium -- trivially weak in hw but "secure in software"?? (Re: palladium presentation - anyone going?)

On Tue, Oct 22, 2002 at 04:52:16PM +0100, Adam Back wrote: > So they disclaim in the talk announce that Palladium is not intended > to be secure against hardware attacks: > > | "Palladium" is not designed to provide defenses against > | hardware-based attacks that originate from someone in control

Re: Palladium -- trivially weak in hw but "secure in software"??(Re: palladium presentation - anyone going?)

On Tue, 22 Oct 2002, Nelson Minar wrote: > I doubt it, though. Even a paper-thin shred of hardware protection is > enough to prevent 99% of the people from circumventing DRM technology. > Joe Sixpack isn't going to install a mod chip, and his local computer > store can't do it for him for fear of

Re: Palladium -- trivially weak in hw but "secure in software"?? (Re: palladium presentation - anyone going?)

Adam Back says: >Providing almost no hardware defenses while going to extra-ordinary >efforts to provide top notch software defenses doesn't make sense if >the machine owner is a threat. So maybe the Palladium folks really mean it when they say the purpose of Palladium is not to enable DRM? I dou

Palladium -- trivially weak in hw but "secure in software"?? (Re: palladium presentation - anyone going?)

Remote attestation does indeed require Palladium to be secure against the local user. However my point is while they seem to have done a good job of providing software security for the remote attestation function, it seems at this point that hardware security is laughable. So they disclaim in t