[Cryptography] [FORGED] Re: USB 3.0 authentication: market power and DRM?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sun May 1 16:07:58 EDT 2016


Kevin W. Wall <kevin.w.wall at gmail.com> writes:

>Is perhaps the (alleged) reason for the authentication to prevent altered
>chargers from delivering malware,

One genuine reason, although it's not clear that the auth achieves it, is to
prevent problems due to cables that lie about their capabilities.  The typical
USB cable is 28 AWG, which can't carry anywhere near the power that USB 3
power delivery is rated for.  So you get a cheap Chinese cable that lies about
its capabilities, which then melts or catches fire when the device attached to
it tries to draw the advertised amount of power.  Or shorts out at full power,
or fries the power source when the device attached to it tries to draw 5x what
it's rated for based on what the cable told it.  Or a zillion other failure
modes induced by something lying about its capabilities.

Peter.


More information about the cryptography mailing list