Slashdot Mirror
TiVo Awarded Patent For Password You Can't Hack
Davis Freeberg writes "TiVo has always been known for thinking outside of the box, but this week they were awarded an unusual patent related to locking down content on their hard drives. According to the patent, they've invented a way to create password security that is so tough, it would take you longer than the life of a hard drive in order to figure it out. They could be using this technology to prevent the sharing of content or it could be related to their advertising or guide data, but if their encryption technology is really that good, it's an interesting solution for solving the problem of securing networks."
3-4 weeks tops?
According to the patent, they've invented a way to create password security that is so tough, it would take you longer than the life of a hard drive in order to figure it out.
Yeah right! I'll give it 5 years max.
MDlGOTExMDI5RDc0RTM1QkQ4NDE1NkM1NjM1Njg4QzA=
Don't tell anyone.
This slashdot-related signature is a stub. You can help kihjin by expanding it.
09 f9 11 02 9d 74 e3 5b d8 41 56 c5 63 56 88 c0
So it's like a really character password with random characters and punctuation and stuff?
That doesn't sound like it would be worth a patent.
Then again, it might be more interesting and have non-typeable characters...
Or maybe just "Joshua"
I wonder what the Vegas oddsmakers put on this being cracked?
Non-written password is not crackable, but by dormancy.
Anything more or less than the republic is disbared from entry.
The password uses a special character only accessible via hex by using a 2.
But don't worry. There is no 2.
Ginga no Rekshiya Mata Each page.
I have a torrent that says otherwise.
Patent For Password You Can't Hack
Hack available for download from the internet in 5, 4, 3, 2....
Seven puppies were harmed during the making of this post.
And what if it's a WD drive they are talking about? The life of those is so low they had to drop their warranty to 1 year because they admitted 3 years would put them out of business. (The reason I only use Segate 5 year warranty drives).
I'm an American. I love this country and the freedoms that we used to have.
If it exceeds the life of the drive theres an easy way to just clone the drive or remove the platters and put them into another hard drive (yeah very sensitive operation likely requiring the conditions of a clean room).
Its hard to make something undefeatable and if you claim such it is only going to attract people as a challenge. Maybe that is what they want?
Of course if someone proves that it isnt 'impossible' then does that void the patent?
09F911029D74E35BD84156C5635688C0
+2 Troll is Slashdot's way of saying groupthink is confused
The hard disk must have a really short life :/
I don't deny that breaking it would be far outside of my own abilities, but the only truly unbreakable codes are done on one-time cyphers that are only known by two people. Clearly this isn't the case. It is only a matter of time before somebody comes up with a system, that is, if breaking into grandma's TiVo acount to watch her saved up episodes of Days of our Lives is worth the time of whatever system has the power to break it.
On the other hand, it is refreshing to see a company really moving toward physical security means (a cryptography chip) rather than software hoops to jump through.
I have two Series2 units and I love them. But there's no way in hell I'd spend PS3-level prices on a Series3 recorder, especially with the lack of TivoToGo and now this bullshit.
Look, if I buy a device that has a hard drive in it, that hard drive is mine. The data on it is mine. If you don't want me to access it from the "wrong" host, maybe you shouldn't have sold it in the first place. You can have all the control you want over that hard drive while it's gathering dust in your warehouse.
Visual IRC: Fast. Powerful. Free.
This has nothing to do with networks at all. The patent is about making sure a hard disk can only talk to a certain host.
Its just another attempt to prevent people form using their own hardware how they want to.
TiVo has always been know for thinking outside of the box
They've been know, huh?
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Get your Unix fortune now!
... to work against the consumer?
"Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
Why don't they just use weak encryption but then patent the solution.
Or how about patenting the idea of getting a patent to prevent people from patenting the schemes like the above.
The invention described is nothing more than salt and hash.
"$" plain and simple
I used to be with IT..now IT seems strange and scary to me.
Make a security claim so wild that every hacker will buy your product to try to crack it. $$$$
A "Password You Can't Hack"?
How original.
Why didn't I think of that...
I am no expert, but couldn't you create a device that reads the input + output of the hard disk, then grab the challenge + response and by doing so improve your chances of cracking the key?
Or maybe the password is just "Iceberg" -- "Even if they hit that key, it won't cause a crack."
I've gotten the impression that if you want a DVR in the States you have to rent it somehow (TiVo, Replay TV or some proprietary cable company one). Don't you have any standalone DVRs?
When I was a wee tot, I remember seeing a single-panel _Dennis The Menace_ cartoon. The cartoon itself had Dennis' father at a boardroom-type table with a few other people, his briefcase open, and various parts spilling out. The caption was something like "Gentlemen, our new bathroom scale did not pass the 'Dennis test'. We cannot refer to it as 'unbreakable'".
Since then, whenever I've heard about something claiming to be unbreakable, I picture a very broken bathroom scale...
The Busy Coder's Guide to Android Development
I love it when someone says that 'x' can't be done.... that is sure to bring on the people that show it can be done
Support NYCountryLawyer RIAA vs People
Dear Seagate,
I lost all my important data on my hard drive from it crashing.
Sincerely,
Unhappy user
======
Dear User,
Here is a new hard drive replacement.
Sincerely,
Seagate
So what if I record the password for X challenges and then reset the hardrive to start again with the first challenge? So what if I force feed the chip challenges until it spits out the full cycle and feed this stock pile of correct answers to the hardrive? INANAC.
And what if it's a WD drive they are talking about? The life of those is so low they had to drop their warranty to 1 year because they admitted 3 years would put them out of business. (The reason I only use Segate 5 year warranty drives).
if you check newegg for hard drives most of the WD drives there have a 3 or 5 year warranty on them
Hacked in 3...2..1
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
XXX#######
On the dangers of assuming keyspace => security:
from ''Computer Security and Cryptography'', Alan G. Konheim.
Belief is the currency of delusion.
Sounds like they're using Truecrypt at one of it's higher settings.
I know that I'm probably not their target audience, but the one reason that I have two subscribed tivos is that I can hack them and disable the DRM and generally they've been pretty cool about it. But the day they lock me out of my one boxes is the day that I cancel my subscriptions and either continue with the hardware on my own or switch to MythTV.
The difference between Canada and the USA is that in Canada healthcare is a right and gun ownership is a privilege.
i've got a number of WD harddrives that i've had running 24/7 for nearly five years.. one of them has just recently started to fail, but i've definitely had a better record with wd than any other brand.
maybe im just lucky ^^
http://www.accountkiller.com/removal-requested
"Unhackable" passwords ?!?
At least you know nobody is going to get sued over this one. Ever.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Is it in use?
They applied for this patent back in August of 2000 and it finally went through. And just because it is granted, does not mean that they will use it. They might. But I doubt it.
It's basically just a DRM-machination with the cryptography on chip. Basically, the same that AACS has on HD-DVD, and the patent specifies that guessing the password woud take longer than the lifetime of a drive. Euhm, I guess even guessing 56-bits encryption would be enough.
The problem is still, the user has HIS content, he can do whatever he wants with it as long as he can see it. Unless you encrypt the lightwaves that reach our eyes and plant a DRM chip in our brain, we're going to be able to copy your precious content.
Custom electronics and digital signage for your business: www.evcircuits.com
...is a message in a HERMETICALLY SEALED bottle?
Imagine what the historians and archaeologists are going to do with these doorstops. The quest for perfect data security is beginning to sound an awful lot like the final pages of _Fahrenheit 451_.
--
Toro
"No shit. The second your product gets into a consumer's home, its "unhackable" status vanishes."
And yet there are examples of cryptographic items that were difficult (in the time sense) to crack. The most famous example being that sculpture in front of the NSA. So while "unhackable" may be extreme. The same could be said for Linux security and no one phooh phoohs that.
An authentication system for securing information within a disk drive to be read and written to only by a specific host computer such that it is difficult or impossible to access the drive by any system other than a designated host is disclosed. While the invention is similar in intent to a password scheme, it significantly more secure. The invention thus provides a secure environment for important information stored within a disk drive. The information can only be accessed by a host if the host can respond to random challenges asked by the disk drive. The host's responses are generated using a cryptography chip processing a specific algorithm. This technique allows the disk drive and the host to communicate using a coded security system where attempts to break the code and choose the correct password take longer to learn than the useful life of the disk drive itself.
Drive sends random junk. Host responds with digital signature on random junk. Drive verifies signature. It's a diffie-hellman key exchange derived system called a digital signature. RSA and DSA (El Gamal is DSA's corresponding cryptosystem) are examples.
Support my political activism on Patreon.
Doesn't the first claim sounds a lot like TLS with a few steps missing?
Password: 1...2...3...4.
Ginga no Rekshiya Mata Each page.
"Its just another attempt to prevent people form using their own hardware how they want to."
Yeah! It just makes me mad that I can't share my single 'copyrighted' copy that I bought out to the entire planet. Guess they'll just have to purchase their own copy. Bummer.
Patents require you to explain what you are patenting. Their method is in the open air now.
Can't one just use dd on the hard drive, keep a backup and brute-force it on a RAID or something?
Or am I misunderstanding this?
I use BeyondTV and couldn't be happier. No restrictions. They also have SmartChapters which identify distinct blocks of video (cough, commercials, cough). I can also burn to DVD with an extra plugin. You get free TV listings - you just have to buy the software. Sure - they get you with upgrades, but you can choose not to upgrade.
"No matter where you go, there you are." -- Buckaroo Banzai
"The information can only be accessed by a host if the host can respond to random challenges asked by the disk drive. The host's responses are generated using a cryptography chip processing a specific algorithm. This technique allows the disk drive and the host to communicate using a coded security system where attempts to break the code and choose the correct password take longer to learn than the useful life of the disk drive itself."
In what novel way - or any way for that matter - does this differ from standard cryptographic challenge-response authentication? I mean, maybe they are using an extremely long generated series of psuedorandom keys, secrets, responses, or all 3 but I don't see how that is novel. Or perhaps incorrect responses result in the disk controller becoming non-responsive for a short period to increase the time required to exhaust the series, but that isn't novel either.
Any ideas?
It's not like good crypto is hard to come by. I mean if I pick a good password with AES you aren't cracking that in your lifetime, much less the life of a harddrive. The problem isn't a good password, the problem is that DRM tries to use crypto for something it isn't made for. Crypto is about keeping out non trusted parties. That's how SSH works. You have the key, the server has the key and thus only you and the server can decrypt the traffic. Anyone else can capture everything if they want, and they are going to get all of nowhere with it.
The problem with DRM is that the person who is the recipient is also one of the people they want to keep out. This creates a problem: To decrypt the message (by message I mean whatever they are giving you, video, song, game, whatever) you have to give them the key. However, if they have the key, well then they can decrypt it and do what they want with it.
This leads to all the tricky, and ineffective, stuff we see these days. They try to hide the key so that only the device can find it and you can't get at it. Well that just don't work. It can make it so it isn't as simple as just copying a disk, but as we've seen with the AACS break, you can't hide that shit from a determined attacker. The key IS on there, it CAN be found.
So I don't care how good their password scheme is. AES-256 with a 64 character password is good enough to last until the sun goes dark (or at least until quantum computing becomes a reality) but that doesn't buy you anything if you have to hand out the key as part of your scheme as is required by DRM.
Cars already do this with remote keyless entry. I just don't need to encrypt my car.
The information can only be accessed by a host if the host can respond to random challenges asked by the disk drive.
or
The car can only be unlocked by a person if the keyless remote can respond to a challenge asked by the car.
"I love it when someone says that 'x' can't be done.... that is sure to bring on the people that show it can be done"
Geeks can't get laid.
Yes, the ones from five years ago were good. Newer drives were a mixed bag. I bought two identical WD sata drives for a raid 1 setup. It was just a home file server. One of the drives has been good for 3 years. The other one often had trouble with random data loss. After checking smart on it several times I realized they doubled the number of errors on that drive before it would set off any warning! The drive in my laptop is working so far and its about two years old. Recently my laptop is crashing a lot but its an iBook so it could be the "clamp" issue or the drive or something else.
There's nothing novel here. This differs by the no-longer novel method of making a patent claim by asserting that you have "invented" using someone else's broad and univerally applicable method in a specific instance.
It's encrypted data, but you can always copy the data to a device that has a longer life, and then proceed to try to crack it if you want.
Also, you can't really say unbreakable, yeah it might take years if the right password is the last one tried, but if you guess right the first time, it'll only take mere moments.
No encryption on the planet is going to make a password of 'password' secure. Besides most 128-256 bit encryption schemes are secure enough to take longer then the device life for an average person to crack anyways.
Cablecard dude. And it will not matter if you fast-forward because the cost you paid for that programming reflects the true cost. Not the ad-supported cost. Enjoy your brave new world. You help build it.
Good, because you can't possibly disconnect the drive controller and connect one that doesn't send the challenges! And I'm certain its impossible to mount the platters in a different enclosure and read them.
Their patent makes no mention of actually using encryption on the data...it mentions only periodically challenging the host for a key.
See pending patent application #7937158
Failure to follow this advice may result in non-deterministic behavior.
How long will it be before TiVo sues the MPAA for not using their now patented encryption technology?
Quickly, before Cringely ruins it with bad math, I need to point out some very obvious weaknesses in making this work correctly:
Okay, you all can go back to your regularly scheduled cheap shots.
Paging DVD Jon. Report to the TiVo on Deck 7.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
...but I am a law student and just took an introductory IP course, so I'll try to answer. A patent must actually do what you claim it does. But they don't claim it can't be cracked:
extra chip.. just run the right lines over it + some generic mcu + generic hdd. boring. unless they pack it into a single asic(drive controller, decoder.. the works) it's weak.
Pain to the consumer!
The problem is that content costs money to create. Everyone wants something for nothing. It is certainly possible to put the content producers out of business, probably pretty soon. If that is what people want to do.
Will that lead to no content? Of course not. It will lead to an explosion of unprofessional, low-cost content. It will lead to content produced by people that think they have something to say and want to get it out to the world. Think about American Idol tryouts - these people believe they have something to say and want to get it out to the world. They utterly outnumber the finalists by 100 to 1. This is where low-cost content is headed.
So, we can have high-cost content that people pay for, or low-cost content that most people aren't going to want. I think the media companies are just about ready to give up fighting protection of their assets and going to throw in the towel. We will see where music sales go in the next 12 months and this is likely to be the deciding factor for movies and other stuff.
Maxtor!
Badass Resumes
Does this mean we have to transfer the data to a new HDD halfway through the life of the HDD & continue ?
Wanna fight ? Bend over, stick your head up your ass, and fight for air.
FTA: According to the patent, they've invented a way to create password security that is so tough, it would take you longer than the life of a hard drive in order to figure it out.
So it's security is that a brute-force/birthday attack is just so improbable that the drive will wear out before i can test enough possibilities to have a measurable chance of getting it? Besides, twofish, blowfish, AES, any virtually any other standard encryption algorithm could boast the same thing. Tell me if I'm wrong, but couldn't i make a bunch of 1:1 copies of the disk and use those to crack it?
If i had one dollar for every brain you dont have, i would have $1.
but I do know this nifty card trick:
Give your friend a deck of cards. Turn around and have them shuffle it, select a card at random, memorize the card and put it back in the deck. Have them shuffle it some more (without you looking at it). Take the deck from them and take a card from it and say 'this was your card'.
In the long run, you'll be right about 1 in 52 times. If you happen to be right the first time with a particular friend, and never do the trick again, they will be scratching their head for a long time trying to figure out how you did it.
So, the point I'm trying to make is that it could take longer than the life of a hard drive to crack the super secret code, or you get get it right on the first guess (or the second one, or the third one...). So it seems rather silly to claim that it is uncrackable.
Don't tell my hard drives that. The array of 6 WD800JB drives I bought in early 2001 are still all going strong without a single failure or need for replacement. Granted, they aren't my primary drives anymore, but I still use them for storage archival, and I tend to read data off one or more of them on a daily basis, since they're media drives.
When I read this I though "Okay, so you have to steal the box to get the content or do a lot of work to get the data off of the drive using the chip in the machine.. no big deal right?"
Then it occurred to me, maybe the host computer isn't the local Tivo box, maybe it is Tivo's system (remote) that they're calling the host. What does that mean? Now you can't get data off of the drive unless the Tivo calls home, swaps keys, and stores a decryption key/algorithm in RAM. This means that if Tivo says no, you can't get at data on the device you now own. So... well if you can hack the OS then you can just have the keys stored after/during exchange or you could read out of RAM, but maybe the OS is built off of a network boot scenario with the initial sending of the system happening only after the handshake. Tricky.
If (big if) that is the case then the way to beat it will have to be capturing the data in RAM from a running system. It sounds tough but I suspect you could do it by setting up a virtual machine that intercepts the call coming from the box, and on return sends all output from the chip normally destined for real RAM into virtual RAM (which is really filesystem based, heck make it a ram drive so it is as fast as RAM but readable as a file.) Copy the virtual ram file, and you've got an unencrypted OS. Hack your unencrypted OS to store the keys, and now you have your drive decryption key, your "call home" key and a hackable OS. Want to do something Tivo doesn't like? Make your OS think the commands came from Tivo, not too difficult now. Maybe they have a changing algorithm where the chip uses a new key (in predicted order) for each call home, incrementing after each successful exchange. Maybe then you have to talk to the chip every time with your Virtual Machine, but it still accomplishes the goal of having complete access and control.
Okay, what I think they really have is a scheme to make sure that a chip and drive are tied together so you can't get at the drive without the chip, thus no Tivo drive swapping and they really don't care right now anyway and just wanted to get the patent because they think their method might be marketable some day. I wonder if I'm giving them ideas.. nah, they'll never read this post, right?
B) Eliminate all the stupid users. This is frowned upon by society.
Comment removed based on user account deletion
who cares if it's hacked? oh, i know, you'll all sit around posting endless LOL1!!!11! posts and patting yourselves on the back (even though none of you will have ever contributed in the hacking of the technology, after all, that's what slashdot is all about, just like qvc; making yourself feel like part of a community that you're really not part of aside from the consumer aspect).
have you ever considered that by making these outrageous claims and having the system get hacked in a short amount of time that these companies can now go to congress and complain "we've put our best men on this and still we can't escape piracy. we need legal protection or the industry will suffer." oh, are you one of those dopes who really thinks that these engineers are too dumb to know about the simple techniques that are sometimes used to hack these protection methods? are you one of the slashdot nation who really thinks that pizza delivery boys working on degrees in junior college are that much better than seasoned vets? the dumber you think "the enemy" is the more you prove your own ignorance.
in fact it's so likely i wouldn't be surprised if they're the ones leaking the hacks themselves! don't think this does not happen. don't think that celebrating "your" victory over the evil empire isn't part of their plan. don't think hacking this or not is going to somehow make the lofty goals of the anti-riaa/mpaa/whomever types come any closer to being obtainable.
yeah, you may get some shitty free movies or such out of the deal but in the end the powers that be will except that loss to get the lawsuits flowing.
Bender: What an awful dream! 1s and 0s everywhere! ...and I thought I saw a 2...
Fry: It was just a dream, Bender. There's no such thing as 2.
This is great news. It means that everybody else can only implement passwords that you can hack.
.. and unless they tie the data to the chip on the controller board, a bit of mechanical work will see it replaced with a board YOU control - bye bye data. If you're not concerned about longetivity of the data you could pollute the platter space and swap them out (a data thief doesn't need years of uptime, only as long as it takes to copy the data elsewhere).
The bit that gets me is that it appears someone let a marketing clown loose on what they've created. "Never" is the right word to get every cracker and his/her mum to have a go, so well done whoever used THAT word (you'll get this anyway, but the use of "Never" is absolutely begging on your knees in global TV commercials, newspaper wide ads and banners to get royally done over with.. (continue the analogy at will, you know what I mean).
Ask DVD Jon what 'never' looks like. WEP keys? Minutes (etc etc). The word doesn't apply, it MAY just be harder - at this moment in time.
Maybe these guys need to spend a bit of time learning at the Institute for General Semantics ("the map is not the territory" etc)..
Insert
Why cant the drives be cloned, so as to effectively increase the time available for hacking the encryption ? It may be good enough for the lifetime of one drive, but how about 10 drives being hacked in parallel ?
I can't wait for them to GPL their implementation. Hopefully there will be enough software in the Tivo that gets licesed under GPLv3 to put these assholes out of business.
Anyone out there have any examples of prior art?
Every WD drive I've owned -which is around 10- has failed. Every damn one of them, and their under warranty replacements too.
I've lost drives from other brands too, sure. But only WD has a 100% failure rate.
Why did I keep using them? The first one I thought was fluke. Then it's warranty replacement died too.
Won another WD in a contest. It died. When that replacement came, I gave it to someone else. Never even opened it. It died too and victimized the lucky new owner.
Then I went some years before getting in a bunch of WD 80gig "special edition" drives. At the time, they were the only ones offering 3ry warranties on retail drives. Not trusting WD, each of those drives was set as Raid 0 with another identical WD. Every system got a pair. They started blowing up at the 2yr mark, one after another. It was hilarious. Worst Spinrite readings I've ever seen.
All the while this was going on, I have had Maxtor and Seagate drives in the same computers in the same temp. environments and none of them have failed. Knock on wood.
Odds are, someday I will lose a Seagate/Maxtor because that's all I use now. One of these guys will eventually die. But my experience with WD taught me all about the need for backups and redundancy and those are things I now use with every drive brand. Assume they will die on you and back the hell up. This has saved my bacon many times, so I really owe WD a debt of thanks for teaching me not to trust hard drives. Ever.
Sig for hire.
Hopefully what they're talking about patenting isn't the protection scheme that's on Series2/2.5 Tivos, because that's been owned for a couple of years now. Series3 Tivos have been hacked to get shell access so far, but AFAIK, encryption hasn't been cracked.
On a Series2 Tivo, it's not rocket science:
1) Pull hard drive
2) Replace kernel with another kernel that doesn't do an integrity check of files at boot time.
3) Make the startup scripts spawn a telnet daemon (Tivo was thoughtful enough to provide one)
4) Change 8 bytes in 'tivoapp' to disable encryption.
(and copying files off the Tivo this way is at least 2x faster than TivoToGo transfers)
Series2.5 (nightlight and dual-tuner) and Series3 (dual CableCard HDTV) require that a PROM chip be desoldered, reflashed to remove file integrity checking, and then put back in. All the Series3 Tivo lacks is step 4, but it'll only be a matter of time.
Let's be honest and blunt here. When (note, when, not if) the password is cracked, what does it mean? That you can strip the ads and distribute what's on the HD. Do you care about patents when you got that in mind? No.
So, why is it in any way meaningful whether that invalidates a patent which doesn't mean jack in the first place?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
...by a patent for squaring the cube.
Hey what, it's obviously now allowed to patent the impossible!
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Its odd. There are lots of people who say that about WD but I've never had a problem.
My computer has a 120gig WD drive which has been going for years and my 6 month old server has 4 of the drives.
Never had a problem.
The challenge response it the very first thing I implemented when I was trying to ensure I was talking to the right peer in my first crypto thing I did in '85 and I'm not a crypto expert at all. Given that SCOTUS said, "Enuff of this obvious stuff", I suspect that this one will be creamed if it is ever challenged all the way.
I've replaced dozens of harddrives for over 13 years and found WD best.
I've been having best luck with (some are gone for long) Western Digital, Seagate (since the early ST124), Conner (since CP3024), Quantum (since ProDrv-80AT), Maxtor (with exception to their Maxtor Colorado 7120A Cheyenne series which has caused me massal hairloss during that year). IBM and Maxtor had very good series but also some series which were participants in the hall of clickery shame...
The quality has been starting to drop when them hard drives were getting bigger. Even WD has bad batches/series; but still, my most survivors of war are about 40 WD's which I'm still keeping as backup of my previous systems, untouched and fully working when removed from my systems.
Weird but true, I try to avoid any batch which is made inbetween July and October; most of the broken drives I got here are made inbetween those manufacturing dates.
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..
I think you all should just stop watching T.V. I haven't watched T.V. regularly in over 5 years now and it feels great. Just think a moment about how obsurd cable T.V. is . . . you're paying money to be advertised to. It should be the other way around. THEY should pay YOU to watch thier crap.
Think about how much head space you will be saving yourself. Hell, I still have commercials floating around in my head from the late 80's. I certinatly don't need any more of that filth polluting my thoughts.
In conclusion, T.V. sucks. Stop watching T.V.
Not sure exactly what the situation is like with XBox Media Center these days, but the last time I looked into it, it wouldn't run a real MythTV frontend. It ran a psuedo-MythTV thing, where it would play the contents of a Samba share that had MythTV recordings on it, but I didn't think it would run the interface and basically work like a real MythTV box. That's important if you're going to have nontechnical people using a system.
Also, if you use a hardware MPEG-2 decoder (any of the Hauppauge PVR-x50s, which I think most people do for SDTV right now), the XBMC won't work, at least according to the wiki here. You have to transcode everything to some other format first, because the Hauppauge cards' output will just choke the XBox for some reason. (I don't understand why, though -- it's 4.5Mb/s MPEG-2 video, shouldn't be any harder to decode than a DVD...)
I'm not crapping on XBMC -- it's a neat system, and more than once I've come very close to buying an XBox purely to play with it -- but you can have a lot more flexibility with the power that you get with an Apple TV. Given that up-front hardware costs really are pretty small when you divide them out over a few years that you'll hopefully use an entertainment system, every day, a lot of people are willing to spend the cost initially for the hardware.
(Also -- Apple TV will do highdef, or probably will once they get the software issues worked out; a lot of people are purchasing hardware with HDTV in mind. Personally though, I think this is less important than having a seamless interface that's the same as all the other MythTV units in one's house, though.)
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
And they can't read time stamps. Poor Aoreias.
Unhackable? I am much more concerned about when a new "feature" like this is going to make my legal or paid for content unaccessible or unusable, again. Screw that, I solve these problems by going elsewhere or doing without.
...just make the password so long that entering it would take longer than the M(aximum)TBF of the drive
prior art, the xbox... also, "unbreakable" password is pretty much public/private key RSA... so, how can tivo patent this, when its RSA's tech?
portfolio
the obvious way of implementing this would be to reduce the disk's medium time before failure to something like a few minutes...
on the other hand: can i now sue my harddisk manufacturer for patent infringement if my drive goes badaboom before someone manages to hack the cryptofs-layer i have put on it?
That is a dreadful patent, and it would be ridiculous to see it issued; hardware challenge-response dates back to at least the first IFF machines in the second world war, they're not even mentioning having a deliberately slow password-hashing algorithm, which is itself at least as old as UNIX, and the technique is vulnerable to bump-in-the-ATA-cable extraction of the data from the disc in the first place, and probably also to an attack where you swap the drive controller board for one from a drive of similar model without Special Tivo Sauce.
... in Soviet Russia, Tivoli patents you !!!!!
Wait what? I have an enterprise WD drive installed in my home PC with a 5-year warranty. As far as reliability, In the aftermath of Hurricane Katrina, I was working at a college whose campus was across the street from the gulf of mexico. One of the professor's computers which was recovered had a WD Caviar Drive in it. Due to location the thing was under sea water for 10 hours. Circutiry on the underside was corroded, it shook salt when you tapped it, and smelled like dead fish. After a lot of sad grinding sounds, Symantec Ghost had made a working clone of it in 20 minutes. No file loss. In normal operation, many of our (past warranty) WD drives worked like a champ as well. I will also admit our newer seagates never had a single issue, but the older models were less reliable than the aptly named Quantum Fireballs.
step 1) while the drive is in the cryptohost, copy the data to an unencrypted drive
there is no step 2.
am i missing something here?
Crack it and make a surplus of copies of their code, ad data and structure to the Internet. That ought to get their goat ;-) Hee hee.
When you convert 09F911029D74E35BD84156C5635688C0 into base 64, it couldn't possibly be "MDlGOTExMDI5RDc0RTM1QkQ4NDE1NkM1NjM1Njg4QzA=". Here's why:
Thus "MDlGOTExMDI5RDc0RTM1QkQ4NDE1NkM1NjM1Njg4QzA=" is not "09F911029D74E35BD84156C5635688C0".
Yeah, I know, I know, I could have just converted "09F911029D74E35BD84156C5635688C0" myself instead of doing it the long convoluted way, but this was more fun to do as a geek.
404555974007725459910684486621289147856453481154 in hex is "You sank my Battleship?"
[GPG key in journal]
The extent to which you hammer the hard drive makes a huge difference in their lifespan. Linux, for example, is pretty efficient about only writing to the drive when you need to, but running a very busy web proxy server tends to invite a lot of writing and reading from disk. So the very busy drives all tend to fail at the same time: this turns out to be deadly for RAID 1 or RAID 5 setups, since they often start failing without warning and both drives fail before you can rebuild the array with new drives. I suspect your systems are under a pretty light load and thus last quite some time.
well, considering they seem to have simply decided to patent password authentication (they mention it's sha-1), it might indeed be hard to crack the transaction that's mentioned in the patent. the patent itself should in no way have been granted; it's pretty obvious.
of course, it's impossible to implement fully what they describe if you actually own the equipment. it seems all you need to do is figure out what the codes are, and we can probably test the ram and/or the cryptography chip for that.
the privacy of one's mind is important.
you do have something to hide.
(1 2 3 4 5) Quick, someone change the combination on my luggage!
So who wants to start tivo@HOME?
Honestly this sounds remarkably similar to an authentication scheme I learned about in my Operating Systems class over 2 years ago. The only difference is before it was a client authenticating on a server, not a harddrive suthenticating its attached computer. Its a clever application of an old idea... (Although imho ita a better application than the original one)
Usually yeah its pretty light but I do occasionally thrash them badly. Mucking around with 200gig databases is one example. :)
The password takes more time than the hard disk to fail?
Then copy the hard disk, dammit!!!
"Like a lot of things in life, we laugh because it's funny, and we laugh because it's true." -Al Capone (Robert Deniro), The Untouchables (1987)
...and has done for a good handful of decades (at least on computers). Not only is this not news, it's misclassified. This should be story about stupid patents (and how the IQ of the average slashdot readers seems to now be in single-figure land).
It's OK Bender, there's no such thing as 2.
Bet I can solo it on my Conjuror.
Damn... longer than the life of a hard drive eh? Guess we'll just have to make an array of SSD's then.8
http://www.sandisk.com/Oem/Default.aspx?CatID=147
In my next incarnation, I hope to come back as a code monkey.
I'm so glad I don't have any reason to watch tv, im like really supprized anyone watches it these days, I mean really, watching Tv is so yesterday... Wait but if you want to watch my show, just download it from the Internet. The Full Season on bitorrent for free, swheeat!
Make a control, people will route around it and it will keep happening until the end of time.
Maybe I'm missing something but it looks like there is an inadvertant loophole in the patent: "If both of the keys are zero (all 0 bits), the drive is placed in locked state. If either key is nonzero, the drive is placed in the locked state." If the keys are zero, the drive is locked. If the keys are non-zero, the drive is locked. Therefore the drive is always locked after reset. Was this intentional? Hmmmm...
Maybe they didn't change their password technique at all, but just started shipping highly unreliable hardware. In Soviet Russia, The Hard Drives Crash You.
Tivo's become another cult, it seems. MythTV does everthing that my spouse and children care about, and I don't watch TV anyway.
Summary: They patented that a hdd ask the host for a password and only can be used if the host know it.
How is that more secure than cyphering the hdd contents with no new hardware?
The host need the password to read/understand the data.
Well, if you get the cyphered content it is easier to brute force the password, but why to do that? If the host knows the password someone will get a way to get it from there. No matter the password is used to unlock the hdd or decypher the contents.
On the other hand, if the hdd content is not cyphered im sure someone will bypass the locks and read the data.
I wonder if this is their response to the GPLv3? Sure, we'll give you all the information, but your HD won't authenticate with our hardware, you'll have to insert your own HD, at which point the device will lock out several functions we don't want other software to have access to?
Oh, and on the point of the "predictable contents", not all cryptosystems are vulnerable to known plaintext attacks, although any such attacks might very well be helpful if any data on the HD was known.
The only good point is that this sounds like basic challenge-response cryptography and using it on a HD doesn't seem especially novel, particularly in light of recent patent rulings. So it's probably not an overly strong patent, anyhow. Of course, they must've filed for it ages ago if they're getting it now, so I wonder... Maybe it really dates from when they were first questioned about GPL compliance? Hmm...