Slashdot Mirror
TiVo Awarded Patent For Password You Can't Hack
Davis Freeberg writes "TiVo has always been known for thinking outside of the box, but this week they were awarded an unusual patent related to locking down content on their hard drives. According to the patent, they've invented a way to create password security that is so tough, it would take you longer than the life of a hard drive in order to figure it out. They could be using this technology to prevent the sharing of content or it could be related to their advertising or guide data, but if their encryption technology is really that good, it's an interesting solution for solving the problem of securing networks."
This is the reason why SageTV, MythTV, and other free-to-do-what-I-want-to-PVR-software for the computer is the way to go. PVRs that try to control what we can record, when we can fast forward, and what we can do with the recorded content aren't giving the consumers what they want. You can buy a $300 PC, add a $100 TV Tuner, and buy a copy of sageTV for $80 (because setting up MythTV is more complicated than it should be), and you have a complete PVR that doesn't try to control what you do. You can even get it with an IR Blaster to control that set top box.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
Quite true because at that point there is nothing to stop a person simply copying everything off the disk (just a raw copy even if it is still encrypted).
As soon as you can do that, 3 things are true:
(1) You can preserve it on something more reliable (longer life) than the original drive and work on cracking it from there.
(2) You can make multiple copies and work on it x times faster by attacking each drive/copy with a separate part of the list of possible solutions.
(3) You can spend as long as you like working on cracking it and when the drive reaches the end of it's life, pick up where you left off working on your clone disk.
More importantly how many copies would you need to make to solve it within a useful time period at all? Would you get the data within a useful time frame? Within years? Within your own life time?
Obviously if they have made it so that you can only access the drive with a specific controller then the idea of taking copies is significantly more difficult, but from what I've read it's just a regular Western Digital drive which means you could hook it up and take a raw image of the entire disk even without being able to decode the contents at that point. So as the parent said, you're not hacking it "in situ" and as soon as the drive gets into a consumer's home, you've handed of a the data to be copied.
This is just a patent for making hacking difficult, but since when does that stop anyone?
Meanwhile, I am not even going to bother trying to figure out how this is a solution for "securing networks".
Optimist: The thumb drive is half empty! Pessimist: The thumb drive is half full...
...but I am a law student and just took an introductory IP course, so I'll try to answer. A patent must actually do what you claim it does. But they don't claim it can't be cracked:
There's still a difference. Firmware is much more difficult to reverse engineer. If you can get your hands on a binary and a system that runs it, you can capture every bit of code. If you've got a ROM chip, then you can only see what goes in, and what goes out. There are ways to prevent it from being opened and examined, photosensitivity being the big one.
Crypto on a chip is more secure than crypto in a binary.
I see your informative link, and raise you a pithy comment.