Cryptogram: Palladium Only for DRM

Perry E. Metzger perry at piermont.com
Mon Sep 16 16:32:04 EDT 2002


AARG!Anonymous <remailer at aarg.net> writes:
> One likely use of Pd for banking software would be to use the "secure
> vault" to lock up account number and password information.  This would
> ensure that no other software than the banking client could access this
> data,

That's what an MMU and file permissions are for. Palladium isn't
needed for such a thing.

> so that if you got a virus it would not be able to empty your
> banking account.

Why not simply design the OS so it is not a likely victim for viruses?
This is a general security problem, not one special to banking
operations. My own machine doesn't seem to get viruses -- but then
again it doesn't run Windows. Funny, that.

(And before you mention the current worm infecting Linux apache sites,
that's also caused by bad design, not a problem that requires
hardware to fix.)

> And if the virus infected the banking client software
> itself, that would change its hash which would keep it from being able
> to access the data.

There are patches to NetBSD that happily prevent a program that does
not have a particular hash from executing, and similar code for
several other OSes I've seen. We need no hardware to do this. On the
other hand, who needs hash functions when an ordinary user can't alter
the executable because he doesn't have permissions?

I know this is a new concept to Windows users -- I had to give my CFO
admin privs on his XP box because Quickbooks refused to run otherwise
-- but it is indeed possible to work on a machine where you don't have
the right to write every file on the system.

In any case, all of this is silly. Palladium is no more likely to be
bugless than the OS. If you break it, why is that less damaging than
breaking the OS?

> Contrary to Niels Ferguson's comments, these kinds of applications
> are far from silly.

I disagree. This is all like saying you need a rifle to shoot
cockroaches when swatting them with a shoe does fine and using poison
traps works even better. Using a rifle for the application is indeed
silly.

> The next Nimda could empty your bank account and transfer its entire
> contents irreversibly to an overseas server.

Not under US law it couldn't. You could just have the transfer
reversed as fraudulent.

Beyond that, though, there is the little detail that Nimda and Klez
etc. are only possible because Windows is so poorly designed. I can't
GET an email virus, because my machine doesn't have those sorts of
design flaws. (It has plenty of others, but email viruses aren't a
problem for me.)

No, it appears to me that the only real excuse for Palladium is to
allow third parties to take control of hardware I own to prevent me
from using it the way that I want to. I don't need it to keep my bank
account safe.

-- 
Perry E. Metzger		perry at piermont.com
--
"Ask not what your country can force other people to do for you..."

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
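The two software-only controls the message above points to (owner-only file permissions on the credential store, and refusing to run an executable whose hash is not on a recorded allow-list) as a small added example, not code from the thread or from any of the systems it mentions. It assumes a POSIX-style permission model; the "banking client" and its allow-list are constructed stand-ins.

```python
"""Added example: software-only credential protection and hash-gated execution."""
import hashlib
import os
import stat
import tempfile


def sha256_file(path: str) -> str:
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def is_owner_only(mode: int) -> bool:
    """True if the permission bits grant nothing to group or others (e.g. 0600)."""
    return stat.S_IMODE(mode) & (stat.S_IRWXG | stat.S_IRWXO) == 0


def may_run(path: str, allowed: set) -> bool:
    """Hash-gated execution: allow only binaries whose hash was recorded."""
    return sha256_file(path) in allowed


def demo() -> dict:
    """Constructed scenario: a stand-in 'banking client' is recorded, then altered."""
    with tempfile.TemporaryDirectory() as d:
        client = os.path.join(d, "bankclient")
        with open(client, "wb") as f:
            f.write(b"#!/bin/sh\necho legitimate client\n")  # constructed stand-in
        allowed = {sha256_file(client)}  # recorded at install time
        pristine = may_run(client, allowed)
        with open(client, "ab") as f:  # any modification changes the hash
            f.write(b"echo unexpected\n")
        tampered = may_run(client, allowed)
    return {
        "pristine_allowed": pristine,
        "tampered_allowed": tampered,
        "0600_owner_only": is_owner_only(0o100600),  # credential file, owner only
        "0644_owner_only": is_owner_only(0o100644),  # world-readable: rejected
    }


if __name__ == "__main__":
    print(demo())
```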
