Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cryptographers Find Fault With Palladium

Posted by timothy on from the artist-formerly-known-as-palladium-that-is dept.

FrzrBrn writes "Whitfield Diffie and Ronald Rivest raised concerns about Microsoft's Next-Generation Secure Computing Base (formerly Palladium) at the RSA Conference in San Francisco on Monday. They are (naturally) concerned about vendor lock-in and having computers turned against their owners. See the story at EE Times."

4 of 343 comments (clear)

  1. Sidenote about RSA by preternatural · · Score: 5, Informative

    The inventors of the RSA algorithm (Ron Rivest, Adi Shamir, and Len Adleman) were awarded the Turing Award on Monday. This was announced at the opening of the RSA conference. More information can be found in this article.

  2. Not A Crypto Fault by rsmith-mac · · Score: 5, Informative

    Just as a note, contrary to what most people's initial reaction is, the article does not talk about any cryptographic flaw in the system. Diffie is arguing the merits(or lack thereof) of a system that the user doesn't hold the key to; Palladium itself hasn't been proven insecure(yet).

  3. The key is not the point by xpl_the_myst · · Score: 5, Informative

    The number of bits in the key is not the issue. In fact, most secure protocols like SSL use a decent size so that brute forcing is not worthwhile.

    The point actually is that any theoretical construct like a cryptographic scheme or a TCP protocol needs practical implementation in code. And this is where the bugs creep in. And with things like Microsoft, those bugs are as common as snow in Greenland. And so all these hackers/crackers out there working their fingers on their keyboards and peering into bright screens into the fading night can 'hack' Palladium.

    Microsoft has taken on itself to make errors wherever possible and remain as human as any one of us. Trust them to repeat their humanity and come up with enough holes in their Palladium implementation to let most hacks through.

    --
    This sig is empty.
  4. _Correction_ by jstockdale · · Score: 5, Informative

    Ummm, exactly WHY do you think the NSA seems to have suddenly stopped contributing code to the NSA security enhanced linux project?

    I suppose the NSA stopping all development on SE Linux is the reason that they just posted updates one week ago to SE Linux, as well as in January 2003, December 2002, and October 2002, all of which took place after this article reported them dropping the project (August 2002).

    Not to flame, but just check your sources first next time ;)

    --
    **AA: a bunch of mindless jerks who'll be the first against the wall when the revolution comes