Slashdot Mirror

It turns out, that especially when cooled, the RAM may in fact retain information for some period short enough to allow the device to be unpowered and repowered, and essentially retain all its data. (there may be a few errors).

Actually, the period can be quite significant. One of my projects involved a kernel that could only dump messages to RAM. To get it out, I'd reboot the board and dump the log buffer. At regular room temperature, but elevated board temperature (jthe CPU was running for a good tilt so the board heated up), a power cycle (under 1s) would let you read it out perfectly. After 10s off, you could see corruption but was mostly readable. After 30s or so, it was barely readable.

It appears the main physical phenomena is that the memory capacitors "distort" ever so slightly so the RAM doesn't completely powerup randomly, but is influenced by what was held there previously. It's a time related thing as well - a memory cell that was rapidly cycled would tend to have a lower time before corruption than a cell which held data staticly for a long time. Since encryption keys tend to fall in the latter, the memory tends to stay that way a bit longer (unless the code periodically switches memory buffers and scrubs the old one - it doesn't take much - just store a new pattern in then and it'll overwrite the old one).

Sections 7 and 8 of the famous Gutmann paper detail this effect in memory as well (you may recall the paper dealt with recovery of data off hard drives - but it also dealt with semiconductor nonvolatile memory as well).

A followup paper(PDF) goes into more detail on semiconductor memory including flash storage.

Choose your "experts" carefully.

I'll take an expert over a pay-for-say MS "expert" any day. Facts happen to run against MS, get over it. That's why the marketing firms they hire come down so hard on reviewers, evaluators and benchmarkers.

If you want to get down to the bottom of some of the many, many problems with MS Vista, as well as the OpenGL imitation, then see Peter Gutmann's analysis, A Cost Analysis of Windows Vista Content Protection.

Running a smear campaign may or may not annoy the author, but it is the facts he is reporting. You can even read Peter's response to the MS attack dogs where he addresses their tactics as well as emphasizes some of the points they chose to skip over.

MS has a long history of manufacturing abuse of not just critics but also critical data. Money spend on MS products goes into funding unethical, anti-competitive, and, in some cases, illegal activity. Even helping keep the monopoly going, whether intentionally or unintentionally, by not supporting open formats or protocols allows the malfeasance continued funding.

Didn't take long to find these...

http://davisfreeberg.com/2008/01/03/bad-copp-no-netflix/
http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.html
http://blogs.zdnet.com/hardware/?p=1865
http://www.grc.com/sn/SN-074.htm
http://www.cypherpunks.to/~peter/vista.pdf

As I recall, 98 was offered on all retail computers without choice. Dell offered Red Hat for a short time but was promptly "Whacked" out of it. You could also get it long after the birth of XP for about $99 and sometimes less with the purchase of hardware. M$ was not nearly as pushy with 98 or XP as they were are with Vista. After a few years XP finally stabilized into the less buggy thing it was two years ago and M$ finally killed 98.

Vista is being pushed like Steve Ballmer has not eaten in seven years. That's contributing in a big way to the Vista's failure and the rise of GNU/Linux. The more shrill M$ acts with people like Peter Gutmann and Peter Quinn the quicker the rest of us will run away from them.

Anyone who could defend Vista and DRM is a huge ass, given the number and quality of people who say both suck. Everything you don't want to know about Ou and Gutmann is here. and I'll reproduce it entirely.

Just for fun, Vista IS a power hog that will contribute to global warming if used, so even that charge is vindicated. Here, though, is a thorough account of George Ou and Ed Bott's harassment of researcher Peter Gutmann:

Windows DRM: A Response to the Disinformation

This is a response to a series of articles by George Ou and Ed Bott of ZDNet stretching over a period of more than a month. I'll try to stay away from the assorted personal attacks in George and Ed's articles and just outline the details.

It all started with an email from George Ou, who decided, without ever hearing my talk on content-protection issues or seeing the slides for the talk, that what I'd said in the slides was wrong. I offered to send them to him, but by then he'd gone ahead and posted his conclusions anyway, still without ever actually having seen the slides that he's commenting on. Later he changed his story to claim quite emphatically that he wasn't attacking the slides at all, which seems a bit contradictory since the material wasn't present anywhere but the slides.

Dealing with him was quite weird in a number of other ways as well. For example whenever anyone anywhere posted something that happened to agree with his position, I'd immediately get a gleeful email from him crowing about it. I never even saw the articles, because George would beat me to them every time. It's as if I had my own personal "news about George Ou" news-clipping service provided for me by ZDNet.

He even went so far as to lodge a formal complaint about me with the University, although since I'd been trying quite hard to ignore him (both he and Ed even mentioned this in their blogs), I'm not really sure what he complained about (details of complaints are treated as confidential). Maybe he was upset because I wasn't paying any attention to him.

Ed's tactics were slightly different. He posted his initial comments on a blog whose existence I wasn't even aware of (and therefore had no way of responding to) and then summarily declared victory in a later blog posting based on the fact that I didn't reply. The only communication I had from him in that time was a long lecture that he sent me about professionalism (!!).

In this entire time, neither George nor Ed ever tried to obtain the slides from me ("I never asked for his slides" - George Ou), the actual material that started this whole thing. I've sent out copies of the slides to every single person who asked for them, but neither Ed nor George ever bothered contacting me to get the slides that they were attacking or to do any fact-checking whatsoever for the material they were posting to their blogs. Indeed, all I got from Ed was a long sermon on professionalism.

Ed's most recent missive came in multiple instalments, since most of it makes for somewhat tedious reading I've provided a brief commentary on the main points as an appendix for people who really feel the need to go through it all, but I've just included a quick summary here to save space. So let's see what Ed's justification is for claiming that "Everything you've read about Vista DRM is wrong":

• Avoiding asking me for the current slides so that he can attack a ~9-month- old copy of the writeup (which goes hand in hand with his earlier trick of posting an article to a blog that I didn't know existed, and therefore had no chance of replying to).
• As a corollary, finding that some web pages and news stories linked at the time have changed.
• A disagreement over whether a 46" monitor is suitable for a desktop PC, and another one over whether polling thirty times a second is exce

Most clients come with upload limits and most people know this.

Why is slashdot linking to stories by a troll like George Ou? His treatment of Peter Gutmann is unforgivable. His articles look reasonable, but you can never tell with that guy. He's using all M$, so his results are suspect even if he were honest. Then again, the conclusion - don't burn up all of your upload bandwith - is something most people already know. The question it begs, why are cable networks so crappy, is never asked. If Slashdot must cover such basic information, it should do so from a reputable source.

It would help the argument a lot if people would stop posting the link to Peter Gutman's first paper. He already has acknowledged that some facts were based on pre-release versions of Vista, and Microsoft trial-balloons.

The newer slideshow addresses much the same issues, without the minor holes the MS astroturfers can use to misdirect attention away from the main points.

That ass is what broadcasters and the people attacking net neutrality would like to shovel on everyone. The issue is free speech and the broadcaster goal is to eliminate competition so we are all forced to keep watching their usual shit.

I don't know why anyone would listen to Ou but his core arguments are easy to dismantle. This is the same ass who savagely attacked researcher Peter Gutmann only to whine later when Vista crapped out for him. The core argument so insultingly put forth is that selective blocking of P2P is not, "violating someone's right to free speech and impinging on their civil rights." Duh! most of the same ISPs have blanket statements prohibit subscribers from operating "servers". They turn a blind eye for the most part, but the language blatantly says "we have the right to chose how you communicate." This is indeed a restriction on your free speech that puts you at the mercy of other ISPs who may also decide to kick you out. The net result of successful censorship is imploding civil rights.

People are angry about domestic spying abuses, torture, arrest without warrant and paranoid airport security that are increasingly being used to punish political opposition. The Republican party is about to get voted out of office under a cloud not seen since the Nixon administration. Those who replace them will feel little compulsion to fix those problems if they can silence mainstream discussion of civil rights abuses and continue abusing real dissidents. They will only be able to do this if they continue the Republican assault on the internet.

Mr. Ou, you need to STFU. Your incumbent favoring rants are not only politically clueless, they are technically flawed. The better answer to congestion is to build out US networks before they sink out of the top 50th in the world. At 26th and falling, it won't be long before places like Cuba have better networks than the US. Censoring equipment steals bandwith because every decision takes time that adds pointless delays. Everything that delays build out and encourages companies to buy censorship equipment is harmful and little better reasoned that Goatse Ass.

See Data Remanence in Semiconductor Devices (PDF) by Peter Guttmann.

The only problem with this is that the data may still be recoverable even if it was overwritten before being powered down, e.g. 2t minutes of 0 followed by t minutes of 1 could potentially be detected as a 0 by careful analysis. A better solution is to flip the bits of important data every minute or so, so that no one value predominates. Source: Data Remanence in Semiconductor Devices, Peter Gutmann. http://www.cypherpunks.to/~peter/usenix01.pdf

This is yet another attack that the developer of loop-AES thought about while typically every other disk encryption tool out there is vulnerable. Loop-AES is the 3rd most popular disk encryption tool in Linux. See the KEYSCRUB=y option in its README file:

If you want to enable AES encryption key scrubbing, specify KEYSCRUB=y on make command line. Loop encryption key scrubbing moves and inverts key bits in kernel RAM so that the thin oxide which forms the storage capacitor dielectric of DRAM cells is not permitted to develop detectable property. For more info, see Peter Gutmann's paper.

I have used loop-AES as a full disk encryption tool on my laptop for 2+ years. I am glad I took the time to carefully research which tool would the most secure before deploying it ! For example even TrueCrypt and dm-crypt are vulnerable to other (arguably minor) security issues that loop-AES is impervious to: http://article.gmane.org/gmane.linux.cryptography/2321

Surprisingly, the research paper TFA talks about doesn't even directly mention loop-AES (its name only happens to be in the title of a webpage in the reference section describing a safe suspend/resume setup when using disk encryption).

In response to the CNet comment Gutmann has actually responded to Ou (unfortunately it's undated but it seems to be from about September). Based on the behaviour thats documented there Ou comes across as a complete nutcase. How can anyone take someone like that seriously?

Hasn't Guttman's paper on Vista DRM been debunked?

No, it has not been "debunked". It has been challenged by interested, and none-too-scrupulous, parties, who were not qualified to comment in the first place and who had nothing of much relevance to say. You can read about that here:

First, I'll let Gutmann comment on his use of various OSes:

This is just Microsoft-bashing.

It's bad-technology bashing. If this had been done by Linus Torvalds, Steve Jobs, Alan Cox, or Theo de Raadt, I'd have said the same thing about it. As far as I'm concerned computers are tools to get a job done and not a platform for religious wars, and if something's bad I'll say so regardless of who's doing it. In fact Vista overall has some really nice new technology and features built into it, it's just this one aspect of Vista that's troublesome. And just for the record I run various versions of Windows on ... [counting] ... seven of my machines (the rest are a mixture of Linux, FreeBSD, and occasionally Solaris and QNX), so I'd be a rather unlikely Microsoft detractor if I have their software all over my machines.

As far as George Ou and Ed Bott are concerned, again I'll let Gutmann himself address this. Key quotes below:

It all started with an email from George Ou, who decided, without ever hearing my talk on content-protection issues or seeing the slides for the talk, that what I'd said in the slides was wrong. I offered to send them to him, but by then he'd gone ahead and posted his conclusions anyway, still without ever actually having seen the slides that he's commenting on. Later he changed his story to claim quite emphatically that he wasn't attacking the slides at all, which seems a bit contradictory since the material wasn't present anywhere but the slides.

...

He even went so far as to lodge a formal complaint about me with the University, although since I'd been trying quite hard to ignore him (both he and Ed even mentioned this in their blogs), I'm not really sure what he complained about (details of complaints are treated as confidential). Maybe it was the fact that I wasn't paying any attention to him.

...

Ed's tactics were slightly different. He posted his initial comments on a blog whose existence I wasn't even aware of (and therefore had no way of responding to) and then summarily declared victory in a later blog posting based on the fact that I didn't reply.

...

In this entire time, neither George nor Ed ever tried to obtain the slides from me ("I never asked for his slides" - George Ou), the actual material that started this whole thing. I've sent out copies of the slides to *every single person who asked for them*, but neither Ed nor George ever bothered contacting me to get my side of the story, or to get the slides that they were attacking. Indeed, all I got from Ed was a long sermon on professionalism.

...

Avoiding asking me for the current slides so that he can attack a ~9-month- old copy of the writeup

...

In all this mass of trivia there's one major thing missing that would justify the title that he's chosen to use: Any attempt at all to address the central thesis of the content protection analysis, that trying to seal shut (portions of) the historically open PC architecture in the name of DRM is technically a really bad idea, and one that's bound to fail. As Bruce Schneier put it, "Trying to make bits uncopyable is like trying to make water not wet".

...

Appendix: Short response to Ed's article

"Because Gutmann has no hands-on experience with this technology"

Actually I do have direct, hands-on implementation experience, which I could have told you if you'd ever contacted me about any of this.

...

"Here's the information on this exact monitor"

So this is where his strategy of going for a nine-month-old writ

See, this is why I run loop-AES with keyscrubbing. When they come for the RAM, there'll be nothing residual there. And people call me paranoid. Pffft.

(yes, I'm aware that's not what the order is about, but if they get the RAM, they can analyze it!)

In a nutshell, for hard drives, "If commercially-available SPM's are considered too expensive, it is possible to build a reasonably capable SPM for about US$1400, using a PC as a controller". So it is in the reach of the hobbyist to recover up to around the last 20 items recorded on any magnetic media (easier for floppies, harder as drives become denser). On solid state memory, I believe an electron microscope is needed for analysis. Still, data that has been in one location in RAM for more than five minutes is in theory recoverable.

Q: Is the Gutmann method the best method?

A: No.

Most of the passes in the Gutmann wipe are designed to flip the bits in MFM/RLL encoded disks, which is an encoding that modern hard disks do not use.

In a followup to his paper, Gutmann said that it is unnecessary to run those passes because you cannot be reasonably certain about how a modern hard disk stores data on the platter. If the encoding is unknown, then writing random patterns is your best strategy.

In particular, Gutmann says that "in the time since this paper was published, some people have treated the 35-pass overwrite technique described in it more as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques. As a result, they advocate applying the voodoo to PRML and EPRML drives even though it will have no more effect than a simple scrubbing with random data... For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do".

Read these papers by Peter Gutmann:

• Secure Deletion of Data from Magnetic and Solid-State Memory
• Data Remanence in Semiconductor Devices

http://www.cypherpunks.to/TCPA_DEFCON_10.pdf

One thing I note that the review does not mention is the fact that SPARK is, while Turing-complete, not very much fun to program in. Starting with Ada, a pretty B&D langauge to start with, SPARK removes all the remaining pointy bits, including: "the goto statement, aliasing, default parameters for subprograms (i.e. procedures and functions), side-effects in functions, recursion, tasks, user-defined exceptions, exception handlers and generics" (list taken from here, emphasis mine), plus dynamic allocation, which is mentioned in the review.

Basically the only excuse you could possibly have for writing something in SPARK is extremely critical code (ie, if it fails, many people die). Even then I'd be skeptical it would provide much benefit, but at least it would provide some ass-covering ability. :)

For a alternatve view of the practicality of correctness proofs, see chapter 4 of Peter Guttman's thesis. IIRC there was a book review of it on /. a while back (which I didn't read). Even if you did read it, read it again.

"No programming language can save you from yourself."
- Me

Not that I'm paranoid or anything. Ok, ok, so I'm paranoid and the governments' out to get me, but I still gotta wonder how quickly it was cracked by the boys with the big iron. Even though private/personal computational horsepower has increased dramatically over the years, while govt funding has decreased, I still can't see a general purpose CPU or network of CPUs being able to compete with dedicated crypto hardware .... Am I wrong??
Another interesting link here
Paper: "Architectural considerations for cryptanalytic hardware"
Cypherpunks Tonga

Courtesy of the Seattle Indymedia site.
http://d176.whartonab.swarthmore.edu/
http://d176.whartonab.swarthmore.edu/diebold_inter nalmemos.pdf
http://noisebox.cypherpunks.to/~visible/vote/vote. html
http://www.scifience.net/
http://emdx.org/r.php?U=BBV
http://opium.mine.nu/bbv/
http://centipede.provocation.net/diebold/
http://localh.kicks-ass.org/bbv/
http://d125.wortha.swarthmore.edu/
Source thread on Indymedia if you are interested.

The slides from Lucky Green's DEFCON X talk, Trusted Computing Platform Alliance: The mother(board) of all Big Brothers, are now available in the following formats:

• PowerPoint (309k)
• PDF (511k)

The slides from Lucky Green's DEFCON X talk, Trusted Computing Platform Alliance: The mother(board) of all Big Brothers, are now available in the following formats:

• PowerPoint (309k)
• PDF (511k)

I lead the security group at the laboratory, where I hold a faculty post as Reader in Security Engineering.

I don't think Andersson is, as you suggest, biased against TCPA / Palladium and certainly not "heavily biased" (see Bill Arbaugh's comment below). His analysis does however point out very serious consequences of the TCPA / Palladium infrastructure. The consequences are what they are, Anderson just made a very good job in formulating them.

He is far from alone in his view on TCPA / Palladium. In fact, Bill Arbaugh, one of the inventors of TCPA (US patent 6,185,678 here), has second thoughts. His comment on Anderson begins:

We are all aware of the criticisms that the TCPA has received. Ross Anderson did a good job of explaining the problems in an abstract fashion, but I felt that there were some things left out (Privacy concerns).

By the way, trustedcomputing.org does not allow the general public to view the member list anymore. You can however see one list of 170+ member companies in Lucky Green's presentation below (links from http://www.cypherpunks.to/:

The slides from Lucky Green's DEFCON X talk, Trusted Computing Platform Alliance: The mother(board) of all Big Brothers, are now available in the following formats:

• PowerPoint (309k)
• PDF (511k)

Other resources with much information are:

• http://www.notcpa.org/
• http://cryptome.org/

In other words, bye bye Linux.

Yes and no. Read this - apparently HP is making a DRM-compliant version of linux - which should keep the public happy; the only problem is that developers won't be able to compile+run new versions of the kernel (OS needs to be supported by hardware)

For you lazy people:

HP is developing a TCPA-compliant version of Linux.
- GPL requires the result to be Open Source.
- Source code will compile and can be verified.
- But: the source alone is useless without a TPM-specific certificate.

==

It sounds like a very sound plan, and it does put M$ in a intesting position as far as the Palladium initiative is concerned.

However, my readings from /. have told me that the main issue with Palladium has always been to secure digital entertainment content (ie. movies, music, etc) However, there is nothing saying that M$ could not develop another "technology" separate from Palladium to work on software licences (therefore negating the "patent protection" this has bought us)

I can't really give too informed an opinion without reading the actual patent filed (and I find it interesting that Lucky Green's website hasn't been updated since the symposium), but I can see M$ being able to honor this and still work around it, should they choose to.

If all else failed, they could go back to the ??IA for the political power to pull it off. "We scratched your back with Palladium. Now, you scratch ours."

Of course, this may be all a bunch of paranoid M$ bashing. Maybe they will do the right thing about it all. It's just interesting to think of the possibilities...

We are even closer than you think. Read Holling's bill S. 2048 http://www.politechbot.com/docs/cbdtpa/ and then go to cypherpunks and read Lucky Green's presentation. According to Lucky Green, S. 2048 makes it illegal to sell non-TCPA computers.

...just like that other relic from the 1980's, Ronald Reagan. I suppose we should be grateful: it was the threat of the V-chip that brought the Cypherpunks into existance and was indirectly responsible for the creation of PGP and the EFF. A little dose of fascism can do wonders for freedom.

The Kingdom of Tonga in the South Pacific hosts a server that freely distributes over the Internet BSAFEeay, a free, public domain implementation of RSA Data Security?s BSAFE Applications Programming Interface (API). The site advertises that its cryptographic offerings are "made outside the US, so there [are] no ITAR restrictions."

Ahem... Cypherpunks Tonga is actually located in the Netherlands - anyone can buy a .to domain name. Their website claims that "yes, there are cypherpunks in Tonga" but it is probably a joke.


----