TiVo Awarded Patent For Password You Can't Hack

Davis Freeberg writes "TiVo has always been known for thinking outside of the box, but this week they were awarded an unusual patent related to locking down content on their hard drives. According to the patent, they've invented a way to create password security that is so tough, it would take you longer than the life of a hard drive in order to figure it out. They could be using this technology to prevent the sharing of content or it could be related to their advertising or guide data, but if their encryption technology is really that good, it's an interesting solution for solving the problem of securing networks."

Clone Drives?

[Tuoqui]

If it exceeds the life of the drive theres an easy way to just clone the drive or remove the platters and put them into another hard drive (yeah very sensitive operation likely requiring the conditions of a clean room).

Its hard to make something undefeatable and if you claim such it is only going to attract people as a challenge. Maybe that is what they want?

Of course if someone proves that it isnt 'impossible' then does that void the patent?

Blog spam is just plain wrong

[asdfghjklqwertyuiop]

it's an interesting solution for solving the problem of securing networks.

This has nothing to do with networks at all. The patent is about making sure a hard disk can only talk to a certain host.

Its just another attempt to prevent people form using their own hardware how they want to.

Hamel's Folly

[eddy]

On the dangers of assuming keyspace => security:

The mechanical ciphering machine invented by Alexander von Kryha in 1924 received the Prize of the Prussian Ministry of the Interior at the 1926 Police Fair and a Diploma from the famous postwar Chancellor of Germany, Konrad Adenauer, at the International Press Exhibition in Cologne two year later. Von Kryha was not only an inventor, but also an astute entrepreneur. To promote his commercial venture Internationale Kryha Machinen Gesellschaft of Hamburg, Kryha turned to the famous mathematician Georg Hamel for an endorsement. Hamel calculated the size of the key space to be 4.57*10^50 and concluded that only immortals could cryptanalyze Kryha ciphertext. Not withstanding Hamels estimate, a cryptanalysis of the Kryha machine by Friedman did not require as much time and is described in the ''2 Hours, 41 Minutes,'' a chapter in Machine Cryptography and Modern Cryptanalysis [Devoirs and Ruth, 1985].

from ''Computer Security and Cryptography'', Alan G. Konheim.

Why It Does and Does Not Matter

[Midnight+Warrior]

Quickly, before Cringely ruins it with bad math, I need to point out some very obvious weaknesses in making this work correctly:

• SHA-1 has been (somewhat) broken. Not highly repeatable yet, but they're getting there.
• Encryption does not hide a message forever. Most of us picked up on that in one form or another. It just hides it long enough to make the information useless. If I can only break a single machine 6 years after it was written, the video isn't going to be very useful to me.
• Good encryption methods assume two things. One is the attacker does not have the key. Smart card attacks have shown (PDF) that even though an attacker has to guess the key, a poor implementation may provide useful hints during the guessing phase.
• The second assumption is that the message is not highly predicatable. Disk drives are known for having highly-predicable components on them which makes finding the plaintext all that easier.
• These folks are so cocky about SHA-1's entropy space, they claim "there is no need to abort the authentication process from a specific host. For example, there is no need to abort the authentication process if a specific host generates three wrong passwords. " Zeroization is the only way to do this right. You can also vary this so that after three failures, an automatic delay is introduced to slow down the guessing.
• Reading the patent text indicates that new "commands" will be added. No mention of a bus protocol (ATA or SCSI) is mentioned. Presumably, they won't make the drives themselves, so it will need standardized. The hard drive community is open to using patents, but only if the terms are reasonable or a cross-licensing deal is in the works. If this is a forced attempt, it will fail miserably or cost so much that the drives will be considered custom, low-volume, high-cost components.
• The likelihood of them screwing the implementation up are so high, they should pursue FIPS 140-1 certification for every hard drive made. Then, the patent can apply outside the domain of Tivo.
• This scheme works better as a general hard drive protection measure than for a Tivo. People who own a Tivo might probe the memory chips for the crypographic module to sweep for the drive or system keys. AACS recent events ought to make it obvious that people are motivated to do this. The general case may prevent a lost hard drive from being very useful.
• It would appear that the cryptographic module does NOT actually encrypt data on the platters. It seems to only cover communication between the host and the disk controller. If an attacker were to replace the circuit board with one whose path was trusted, they could read the platters without issue. They do this all the time in the hard drive repair business; no clean room required.

Okay, you all can go back to your regularly scheduled cheap shots.

I'm no security expert...

[babyrat]

but I do know this nifty card trick:

Give your friend a deck of cards. Turn around and have them shuffle it, select a card at random, memorize the card and put it back in the deck. Have them shuffle it some more (without you looking at it). Take the deck from them and take a card from it and say 'this was your card'.

In the long run, you'll be right about 1 in 52 times. If you happen to be right the first time with a particular friend, and never do the trick again, they will be scratching their head for a long time trying to figure out how you did it.

So, the point I'm trying to make is that it could take longer than the life of a hard drive to crack the super secret code, or you get get it right on the first guess (or the second one, or the third one...). So it seems rather silly to claim that it is uncrackable.

Re:So....

[cgenman]

Why not encrypt the HDD at the level of the drive electronics? That way a user would have to physically remove the platter to read any useful data. That process would cost more than most data one could recover from an average user's tivo.

On the other hand, yes, this does appear to be a simple patent on tying a hard drive to an electronics unit. Viable attack vectors are already obvious.