Slashdot Mirror


TiVo Awarded Patent For Password You Can't Hack

Davis Freeberg writes "TiVo has always been known for thinking outside of the box, but this week they were awarded an unusual patent related to locking down content on their hard drives. According to the patent, they've invented a way to create password security that is so tough, it would take you longer than the life of a hard drive in order to figure it out. They could be using this technology to prevent the sharing of content or it could be related to their advertising or guide data, but if their encryption technology is really that good, it's an interesting solution for solving the problem of securing networks."

11 of 291 comments

  1. So.... by revlayle · · Score: 5, Funny

    3-4 weeks tops?

    1. Re:So.... by Anonymous Coward · · Score: 5, Insightful

      I want to know if the patent is invalidated when it's broken.

      (ie: does making outlandish and incorrect claims in a patent invalidate it?)

    2. Re:So.... by rob1980 · · Score: 5, Insightful

      No shit. The second your product gets into a consumer's home, its "unhackable" status vanishes.

    3. Re:So.... by PC-PHIX · · Score: 5, Informative

      Quite true because at that point there is nothing to stop a person simply copying everything off the disk (just a raw copy even if it is still encrypted).

      As soon as you can do that, 3 things are true:

      (1) You can preserve it on something more reliable (longer life) than the original drive and work on cracking it from there.
      (2) You can make multiple copies and work on it x times faster by attacking each drive/copy with a separate part of the list of possible solutions.
      (3) You can spend as long as you like working on cracking it and when the drive reaches the end of its life, pick up where you left off working on your clone disk.

      More importantly how many copies would you need to make to solve it within a useful time period at all? Would you get the data within a useful time frame? Within years? Within your own life time?

      Obviously if they have made it so that you can only access the drive with a specific controller then the idea of taking copies is significantly more difficult, but from what I've read it's just a regular Western Digital drive which means you could hook it up and take a raw image of the entire disk even without being able to decode the contents at that point. So as the parent said, you're not hacking it "in situ" and as soon as the drive gets into a consumer's home, you've handed off the data to be copied.

      This is just a patent for making hacking difficult, but since when does that stop anyone?

      Meanwhile, I am not even going to bother trying to figure out how this is a solution for "securing networks".

      --
      Optimist: The thumb drive is half empty! Pessimist: The thumb drive is half full...
    4. Re:So.... by jddj · · Score: 5, Insightful

      I don't think so.

      In the US at least, there's no requirement that a patented idea or invention or system actually do anything useful or work or even do what it claims.

      There are numerous patents for mind-reading devices, nutjob free energy systems and perpetual motion machines, and searching the USPTO database for the "hyper-light-speed antenna" will produce some interesting reading.

      Might as well patent completely unbreakable DRM.

  2. New Marketing Tool by ProdigySim · · Score: 5, Funny

    Make a security claim so wild that every hacker will buy your product to try to crack it. $$$$

  3. Nothing Is Unhackable by mmurphy000 · · Score: 5, Funny

    When I was a wee tot, I remember seeing a single-panel _Dennis The Menace_ cartoon. The cartoon itself had Dennis' father at a boardroom-type table with a few other people, his briefcase open, and various parts spilling out. The caption was something like "Gentlemen, our new bathroom scale did not pass the 'Dennis test'. We cannot refer to it as 'unbreakable'".

    Since then, whenever I've heard about something claiming to be unbreakable, I picture a very broken bathroom scale...

  4. Hamel's Folly by eddy · · Score: 5, Interesting

    On the dangers of assuming keyspace => security:

    The mechanical ciphering machine invented by Alexander von Kryha in 1924 received the Prize of the Prussian Ministry of the Interior at the 1926 Police Fair and a Diploma from the famous postwar Chancellor of Germany, Konrad Adenauer, at the International Press Exhibition in Cologne two years later. Von Kryha was not only an inventor, but also an astute entrepreneur. To promote his commercial venture Internationale Kryha Machinen Gesellschaft of Hamburg, Kryha turned to the famous mathematician Georg Hamel for an endorsement. Hamel calculated the size of the key space to be 4.57*10^50 and concluded that only immortals could cryptanalyze Kryha ciphertext. Notwithstanding Hamel's estimate, a cryptanalysis of the Kryha machine by Friedman did not require as much time and is described in ''2 Hours, 41 Minutes,'' a chapter in Machine Cryptography and Modern Cryptanalysis [Devoirs and Ruth, 1985].

    from ''Computer Security and Cryptography'', Alan G. Konheim.

    --
    Belief is the currency of delusion.
  5. How is this news? by Sycraft-fu · · Score: 5, Insightful

    It's not like good crypto is hard to come by. I mean if I pick a good password with AES you aren't cracking that in your lifetime, much less the life of a hard drive. The problem isn't a good password, the problem is that DRM tries to use crypto for something it isn't made for. Crypto is about keeping out non-trusted parties. That's how SSH works. You have the key, the server has the key and thus only you and the server can decrypt the traffic. Anyone else can capture everything if they want, and they are going to get all of nowhere with it.

    The problem with DRM is that the person who is the recipient is also one of the people they want to keep out. This creates a problem: To decrypt the message (by message I mean whatever they are giving you, video, song, game, whatever) you have to give them the key. However, if they have the key, well then they can decrypt it and do what they want with it.

    This leads to all the tricky, and ineffective, stuff we see these days. They try to hide the key so that only the device can find it and you can't get at it. Well that just don't work. It can make it so it isn't as simple as just copying a disk, but as we've seen with the AACS break, you can't hide that shit from a determined attacker. The key IS on there, it CAN be found.

    So I don't care how good their password scheme is. AES-256 with a 64 character password is good enough to last until the sun goes dark (or at least until quantum computing becomes a reality) but that doesn't buy you anything if you have to hand out the key as part of your scheme as is required by DRM.
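
Added example (not part of any comment in the thread): a sizing calculation for the two points raised above, PC-PHIX's question of how many parallel disk copies bring an exhaustive search inside a drive's lifetime and Sycraft-fu's AES-256 with a 64-character password. The guess rate, drive life, function names and scenarios are assumptions chosen for illustration, and the result is only an upper bound on strength, since it assumes exhaustive search is the best available method.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600
AES_KEY_BITS = 256  # a password with more entropy than the key adds nothing


def effective_bits(alphabet_size, length, key_bits=AES_KEY_BITS):
    """Bits of work for a uniformly random password, capped by the cipher key size."""
    return min(length * math.log2(alphabet_size), key_bits)


def expected_years(bits, guesses_per_sec, copies=1):
    """Expected exhaustive-search time: half the keyspace, split evenly over copies."""
    return 2 ** (bits - 1) / (guesses_per_sec * copies) / SECONDS_PER_YEAR


def copies_needed(bits, guesses_per_sec, target_years):
    """Smallest number of parallel disk images that brings the expected time under target."""
    per_copy = guesses_per_sec * target_years * SECONDS_PER_YEAR
    return max(1, math.ceil(2 ** (bits - 1) / per_copy))


# Constructed scenarios; the rate and drive life are assumptions, not measurements.
RATE = 1e9          # guesses per second per copy (assumed)
DRIVE_LIFE = 5      # years (assumed)
SCENARIOS = [
    ("8 lowercase letters", effective_bits(26, 8)),
    ("12 printable ASCII", effective_bits(94, 12)),
    ("64 printable ASCII -> AES-256", effective_bits(94, 64)),
]


def report():
    """Return (label, bits, years on one copy, copies needed within drive life)."""
    return [(label, bits, expected_years(bits, RATE),
             copies_needed(bits, RATE, DRIVE_LIFE)) for label, bits in SCENARIOS]


if __name__ == "__main__":
    for label, bits, years, copies in report():
        print(f"{label:32s} {bits:6.1f} bits  {years:10.3g} years  {copies:.3g} copies")
```

Copying the disk gives only a linear speed-up, so it matters for short human-chosen passwords and is irrelevant against a full-strength random key; none of this applies if the device itself holds the key.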

  6. Re:Really? by kimvette · · Score: 5, Funny

    TiVo has always been known for thinking outside of the box,


    No they're not. They've always been known for seeking to keep everything IN the box.
    --
    The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
  7. IANAL... by untree · · Score: 5, Informative

    ...but I am a law student and just took an introductory IP course, so I'll try to answer. A patent must actually do what you claim it does. But they don't claim it can't be cracked:

    ...difficult or impossible...

    ...significantly more secure...