[open-source] Open Source TCPA driver and white papers

Ben Laurie ben at algroup.co.uk
Thu Jan 23 10:06:53 EST 2003


Douglas Lee Schales wrote:
> In reply to your message dated: Wed, 22 Jan 2003 13:09:30 EST
> 
> This is has descended into the ridiculous.  TCPA has been tossed about
> as being a great coming evil, the end of the open computing world.  We
> finally get some technical information published about TCPA that's not
> only of keen interest to the Open Source community, but also of use
> (source code).
> 
> The only result of this publication is an inane discussion about the
> use of "hacker" vs "cracker".
> 
> Get a grip... discuss the technical content!

Actually, I think its important to be clear about the differences 
between TCPA and Palladium. It seems quite obvious that _this version_ 
of TCPA is not designed (unlike Palladium) to provide DRM, though it is 
equally clear that they've failed to point out the obvious attack (which 
is to intercept the content once it has been decrypted, an attack 
Palladium explicitly defends against). In the meantime, the arguments 
"demonstrating" their weakness as a DRM platform are rather unsound.

They make two main points:

1. Variations in BIOS, OS and application will render it impossible to 
check PCR values. However, this argument also renders the chip useless 
for its intended purpose (i.e. if the PCR values change, you can no 
longer unseal your keys!).

2. The chip is vulnerable to power analysis and other advanced trickery. 
This may be true, but is quite probably not in reach of the ordinary user.

So, one must wonder why they mention these points but not the easy 
attack (snarf the content after decryption)? Presumably because they 
intend to close that at some point in the future, so using it as a 
defence now would be bad. Of course, once that hole is closed TCPA _is_ 
Palladium.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com



More information about the cryptography mailing list