Slashdot Mirror

← Back to Stories (view on slashdot.org)

TiVo Awarded Patent For Password You Can't Hack

Posted by Zonk on from the un-hack-able dept.

Davis Freeberg writes "TiVo has always been known for thinking outside of the box, but this week they were awarded an unusual patent related to locking down content on their hard drives. According to the patent, they've invented a way to create password security that is so tough, it would take you longer than the life of a hard drive in order to figure it out. They could be using this technology to prevent the sharing of content or it could be related to their advertising or guide data, but if their encryption technology is really that good, it's an interesting solution for solving the problem of securing networks."

13 of 291 comments (clear)

  1. A really long one? by loftwyr · · Score: 3, Insightful

    So it's like a really character password with random characters and punctuation and stuff?

    That doesn't sound like it would be worth a patent.

    Then again, it might be more interesting and have non-typeable characters...

    Or maybe just "Joshua"

  2. longer than the life of a hard drive in order .... by frovingslosh · · Score: 4, Insightful
    Wasn't about the same thing said for the DVD protection system? All security systems like this fall apart when the user had the device being hacked in his hands.

    And what if it's a WD drive they are talking about? The life of those is so low they had to drop their warranty to 1 year because they admitted 3 years would put them out of business. (The reason I only use Segate 5 year warranty drives).

    --
    I'm an American. I love this country and the freedoms that we used to have.
  3. Re:So.... by Anonymous Coward · · Score: 5, Insightful

    I want to know if the patent is invalidated when it's broken.

    (ie: does making outlandish and incorrect claims in a patent invalidate it?)

  4. Re:So.... by rob1980 · · Score: 5, Insightful

    No shit. The second your product gets into a consumer's home, its "unhackable" status vanishes.

  5. Yet another reason not to get a Series3 TiVo by Mr2001 · · Score: 4, Insightful

    I have two Series2 units and I love them. But there's no way in hell I'd spend PS3-level prices on a Series3 recorder, especially with the lack of TivoToGo and now this bullshit.

    Look, if I buy a device that has a hard drive in it, that hard drive is mine. The data on it is mine. If you don't want me to access it from the "wrong" host, maybe you shouldn't have sold it in the first place. You can have all the control you want over that hard drive while it's gathering dust in your warehouse.

    --
    Visual IRC: Fast. Powerful. Free.
  6. can we get the old hahaha tag now by zappepcs · · Score: 4, Insightful

    I love it when someone says that 'x' can't be done.... that is sure to bring on the people that show it can be done

    --
    Support NYCountryLawyer RIAA vs People
  7. Re:I've done this before just for fun. by CedgeS · · Score: 4, Insightful

    Essentially they are claiming: Using a wire-secure challenge system between a hard drive and a host.

    In the text they mention prior art of both:
    1. Using a challenge system between a hard drive and a host
    2. a wire-secure challenge system

    Even if no one has ever put cryptographic functions into a hard drive (I'd be surprised) virtually every cryptography paper talks about all of the communications in the only meaningful terms, abstract ones, implying in a way obvious to non-experts that it can be used between any equipment.

    This, like many other bad patents, is at best a land-grab for a specific piece of territory so well discovered, mapped, and understood that claiming a portion of it is just ridiculous.

  8. The patent that will never reach courts. by DrYak · · Score: 4, Insightful

    "Unhackable" passwords ?!?

    At least you know nobody is going to get sued over this one. Ever.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  9. Cryptographic Challenge-Response Authentication? by dircha · · Score: 3, Insightful

    "The information can only be accessed by a host if the host can respond to random challenges asked by the disk drive. The host's responses are generated using a cryptography chip processing a specific algorithm. This technique allows the disk drive and the host to communicate using a coded security system where attempts to break the code and choose the correct password take longer to learn than the useful life of the disk drive itself."

    In what novel way - or any way for that matter - does this differ from standard cryptographic challenge-response authentication? I mean, maybe they are using an extremely long generated series of psuedorandom keys, secrets, responses, or all 3 but I don't see how that is novel. Or perhaps incorrect responses result in the disk controller becoming non-responsive for a short period to increase the time required to exhaust the series, but that isn't novel either.

    Any ideas?

  10. How is this news? by Sycraft-fu · · Score: 5, Insightful

    It's not like good crypto is hard to come by. I mean if I pick a good password with AES you aren't cracking that in your lifetime, much less the life of a harddrive. The problem isn't a good password, the problem is that DRM tries to use crypto for something it isn't made for. Crypto is about keeping out non trusted parties. That's how SSH works. You have the key, the server has the key and thus only you and the server can decrypt the traffic. Anyone else can capture everything if they want, and they are going to get all of nowhere with it.

    The problem with DRM is that the person who is the recipient is also one of the people they want to keep out. This creates a problem: To decrypt the message (by message I mean whatever they are giving you, video, song, game, whatever) you have to give them the key. However, if they have the key, well then they can decrypt it and do what they want with it.

    This leads to all the tricky, and ineffective, stuff we see these days. They try to hide the key so that only the device can find it and you can't get at it. Well that just don't work. It can make it so it isn't as simple as just copying a disk, but as we've seen with the AACS break, you can't hide that shit from a determined attacker. The key IS on there, it CAN be found.

    So I don't care how good their password scheme is. AES-256 with a 64 character password is good enough to last until the sun goes dark (or at least until quantum computing becomes a reality) but that doesn't buy you anything if you have to hand out the key as part of your scheme as is required by DRM.

  11. Re:So.... by Dun+Malg · · Score: 4, Insightful

    Tivo loses because the person says they couldn't have broken the tivo code because the code is unbreakable, if they did, then Tivo loses the patent. Don't be daft. The vague boasts in the patent abstract are irrelevant to the validity of the patent. You could claim in the abstract that your patented method will grant the user perpetual happiness. All that's relevant to the validity are the claims, and those are purely descriptive of function.
    --
    If a job's not worth doing, it's not worth doing right.
  12. Re:So.... by jddj · · Score: 5, Insightful

    I don't think so.

    In the US at least, there's no requirement that a patented idea or invention or system actually do anything useful or work or even do what it claims.

    There are numerous patents for mind-reading devices, nutjob free energy systems and perpetual motion machines, and searching the USPTO database for the "hyper-light-speed antenna" will produce some interesting reading.

    Might as well patent completely unbreakable DRM.

  13. Re:Why so much effort by houghi · · Score: 3, Insightful

    because the consumer is not their customer.

    --
    Don't fight for your country, if your country does not fight for you.