Slashdot Mirror


Cryptographers Find Fault With Palladium

FrzrBrn writes "Whitfield Diffie and Ronald Rivest raised concerns about Microsoft's Next-Generation Secure Computing Base (formerly Palladium) at the RSA Conference in San Francisco on Monday. They are (naturally) concerned about vendor lock-in and having computers turned against their owners. See the story at EE Times."

8 of 343 comments (clear)

  1. Re:Privacy by neptuneb1 · · Score: 5, Insightful

    "I can't wait for the distributed Palladium cracking project!"

    You're going to be waiting for a while. With M$'s army of lawyers, any attempt to organize such a project will quickly be shot down by any one of a number of current laws. Let's see how many we can name....

    --
    No.
  2. The bit I like by boy_of_the_hash · · Score: 5, Insightful
    NGSCB also requires secure channels between a keyboard and main memory and between a display interface and a graphics chip and its frame buffer.

    Which means it will only work on approved hardware - guess who profits from approving the hardware and drivers? Why would I need a secure framebuffer exactly when I'm already in full control of the code executed on my machine?

  3. It's about who "owns" your ID by feepcreature · · Score: 5, Insightful
    A central objection from Diffie & Rivest seems to be that under Palladium, Microsoft will own and control your ID - or at least what can interact securely with "your" secure Palladium device.

    To understand why this is not a good thing, imagine if a commercial company had the monopoly of passport and driving license production, and were able to prevent you from using the ID they issued to verify who you were except in "microsoft approved" shops and venues (or countries).

    IDs and trust systems should be standards based, not proprietary. They should be secure, and openly peer-reviewed or audited. And the ID should be under the control of the person being identified (or at least issued by a "neutral" government body, as passports are now).

    But I've just started thinking about this... so I might change my mind some more. Would that make me a bad slashdotter?

    --
    Paul "Say no to feeping creaturism"
  4. Suprised MS isn't cyring "conflict of interest" by pete_wilson · · Score: 5, Insightful
    I'm suprised that Microsoft isn't tyring to cloud the issue by talking about the associations of the persons who gave the talk.

    Wittfield Diffie is an engineer at Sun Microsystems, one of the only corporations that can be considered a Microsoft competitor. Ron Rivest is a professor as his day job, but gets quite a bit of cash from RSA, and Microsoft isn't using any of the code that RSA provides (BSAFE, etc) in Paladium, so that's a big chunk of change that won't be coming his way.

    We here on slashdot may realize that Rivest and Diffie are actually quite excellent individuals in their field, but these kinds of conflicts of interest are frequently what will be pulled out to counter an argument, rather than working from the facts themselves.

  5. Re: Better they find fault with it now, by Black+Parrot · · Score: 5, Insightful


    > And now we're supposed to trust 'Trusted Computing'?

    "Trusted Computing" is supposed to fix it where content vendors can trust us.

    Or rather, trust our computers.

    --
    Sheesh, evil *and* a jerk. -- Jade
  6. Not owning your computer eh? by scourfish · · Score: 5, Insightful

    It's not much of a change from now: you don't own your copies of windows nor do you own your XBOX

  7. Re:This sums it up by zurab · · Score: 5, Insightful

    From the article: The Microsoft approach "lends itself to market domination..."

    Does anyone think Microsoft would have it any other way?


    DOJ sues MS for violating U.S. antitrust laws. Courts whole-heartedly agree and rule that MS is guilty. Courts do virtually nothing to protect consumers and tech industry, and literally nothing to punish MS. Courts do not implement any *preventive* measures against MS - as required by the law. MS goes on breaking the same law again and again - nobody pays any attention. MS widely announces its plans (as a marketing campaign) to break the same law again in many-fold worse than before - Palladium - nobody cares.

    MS has literally and (seems) legally bribed all - legislative, executive, and judicial - branches of government in order to escape and be exempt from the law, even after it has been convicted of violating it. At some point, the government corruption needs to end, but noone knows how; in the information age where most of the "information" is spoon-fed by corporations that are part of the corruption scheme, the masses will never be on the reform side.

  8. Re:Privacy by meowsqueak · · Score: 5, Insightful

    In the USA and perhaps a few other countries perhaps - the rest of the world isn't drowning itself in stupid laws quite like the USA is at the moment. Microsoft has a long legal reach but it doesn't extend over the entire planet.

    I can imagine 7 years or more down the track, when innovation has been finally eradicated from the US economic landscape, India (for example) will have observed and learned from the USA's mistakes, and become the largest economic superpower on Earth.

    Once again, it makes me feel all warm and fuzzy inside to know deep in my heart that no matter how you look at it, I don't live or work in the USA :)