Slashdot Mirror


User: Anonym0us+Cow+Herd

Anonym0us+Cow+Herd's activity in the archive.

Stories: 0 · Comments: 622

Comments · 622

  1. Re:Why shouldn't MS speak? on Optimizing Linux Advocacy Efforts · · Score: 1

    Microsoft can present distortions of fact or outright untruths. You spend your presentation time debunking the FUD.

    And, on the fly, if you don't know what new crap they're going to come up with. You have to be prepared to refute every possible untruth and distortion.

    Not that I'm suggesting that they should be given a hearing. It's just that it seems so futile. I talk with a Microsoft shill all the time, and it is just such a waste.

  2. Re:One time pad w/man-in-middle and known plaintex on Israeli Firm Claims Unbreakable Encryption · · Score: 1

    I'm working on a project involving multi-party encryption.

    That is interesting.

    Now that we've discussed this, I am fascinated by the idea of multi parts of an OTP that was never known to anyone. Each party supplies their own random "part" of the key material. Each part was encrypted using a public key generated by the crypto card. Thus, it can never be decrypted, except inside the card. So the actual raw random bits are now unknown. (They could be encrypted by the public key even during generation.) You know, as I think of it, I'll bet the crypto card has a random generator (not pseudo). By loading a custom application (with all the incredible signing headache that is) onto the crypto card, you could have the crypto card produce three encrypted streams of data to save. Even if you have all three encrypted streams together, you cannot recover the OTP from them, because the three streams can only be decrypted and then combined into an OTP from inside the crypto card. Outside the card, you can never decrypt those three streams. Now they are really secret. In fact, one key known inside the card could encrypt them all. Thus, you could have a multi-part key with an unlimited number of parts.

    You could build the application to require a minimum number of key parts to send a message. Thus a message could be sent if you have a minimum of 1 General and 2 Majors. But also if you have 3 Majors and 3 Captains. In the message header, indicate which key parts make up the OTP, but using another OTP.

    Even if you know which three people sent the message (known plaintext against the "header" OTP), you can't alter it, or the message won't decrypt at the other end, because the receiver will use the wrong sets of key material to form some OTP to decrypt.

    In other words, I may have 7 sets of key material, but any 3 of them can be XOR'ed to form an OTP. In the message I must have a header indicating which 3 random streams to form the OTP to decrypt with. This message header is encrypted using an eighth OTP used only for this purpose.

    Anyway, I'm just having a fascinating time thinking about all of this.

    It really makes me wonder what kind of thinking goes into real systems that keep important secrets vs. my amateur scheming.

  3. Re:Litigation.. on New Antitrust Complaint Filed Against Microsoft · · Score: 1

    And given the free availability of high-quality operating systems is directly relevant to whether or not M$ is a monopoly

    A monopoly is about control of a market. Microsoft has that. To be taken seriously, you must interoperate with Microsoft. Microsoft actively works to prevent that. When you have a monopoly, you must not do this.

    it can hardly be characterized as "changing the subject."

    The availability of other systems is irrelevant to whether Microsoft is engaged in the acts alleged in the complaint. If a new software package appears tomorrow (free, high quality, low quality, expensive, whatever), does the existence of that package mean Microsoft has not done the acts alleged? Therefore, I see bringing up the whole "free software competition" argument as changing the subject from the actual substance of the complaint.

  4. Why the ABA did it -- self interest on ABA Withdraws Consideration of UCITA · · Score: -1, Redundant

    By not supporting UCITA, the ABA's member lawyers get more business by filing lawsuits, like the recently filed one mentioned in the article, even if those suits are to protect our rights.

  5. Re:One time pad w/man-in-middle and known plaintex on Israeli Firm Claims Unbreakable Encryption · · Score: 1

    You know, actually, at this point we're discussing two things, and we were originally discussing one thing. Very productively I might add.

    Back to MITM attacks on OTP.

    I got to thinking, and realize that the scheme I previously outlined could be simplified.

    Transmission = (Plaintext ^ OTP-bits) + MD5( Plaintext + 16bytes-of-OTP )

    The OTP bits are by definition unknowable in advance by MITM. Now even if the entire plaintext is known by MITM, as you suggest, MITM can recover the OTP-bits that were xored with Plaintext. But so what? Since the next 16 bytes (128 bits) of OTP (unknowable) are appended to Plaintext to affect the MD5, then MITM cannot possibly ever generate the correct MD5 value to authenticate the message.

    Very simple. Prevents forgeries when all Plaintext is known. Does not use PKI. Only uses secure OTP.

    The MD5 can be sequentially processed at both the transmitting and receiving end.

    Schemes for key management, and designs to exploit the additional security of tamper proof cards are a separate issue. But I do love the idea that the OTP never exists anywhere (was destroyed after Bob, Fred and Joe's CD's were made) and is only recreated in an environment unknowable to the outside world.

  6. Re:Litigation.. on New Antitrust Complaint Filed Against Microsoft · · Score: 1

    now imagine that anyone can get paper from the minor suppliers for free, faster and easier than getting it from the major supplier, not to mention that the paper is higher quality

    Like I said. This is just a tactic to change the subject from the original actual complaint. But I should have known it would happen anyway.

    Now imagine that the free, high quality paper is more difficult to use, has various interoperability problems, and is otherwise disadvantaged by the illegal tactics specified in the original complaint. Many people already use the monopoly paper and are effectively locked in to it. (Why no analogy is perfect.)

    The free paper availability just changes the subject from the illegal behavior that needs to be addressed.

  7. Re:One time pad w/man-in-middle and known plaintex on Israeli Firm Claims Unbreakable Encryption · · Score: 1

    That's a reasonable precaution against capture of the pad. You're more likely to notice one of three attempts to break in and steal the OTP, etc. But once they're XORed together, you're back to a single key.

    I understand that, and the implications.

    Assuming the malicious attacker knows the whole message, and how to calculate the digest (a safe bet), he can always substitute his own message (and the appropriate digest).

    You have an excellent point here. My assumption was that some part of the message is not known. Then the digest cannot be calculated. I suppose you could use a pseudo-random generator to generate a sequence identifier, and XOR this with additional OTP bits, thus hiding anything about how the PRNG works. Then include this in the MD5 sum. Now even if ALL of the plaintext is known to MITM, he can't calculate the correct MD5, because he knows nothing about the PRNG ^ OTP-bits.

    So...

    CipherText = (PlainText ^ OTP-bits) + (MD5( Plaintext + (PRNG ^ OTP-bits) ) ^ OTP-bits)

    The purpose of this is to prevent any MITM attacks or forgeries.

    The purpose of multiple parts of the key XOR'd together is simply to provide better key management. The actual key never exists. Only in parts. Those parts are encrypted. The keys to that encryption might be then protected by PKI where the private (decryption) key is stored in a tamperproof card, such as IBM's cryptographic coprocessor. (The purpose is that secrets on the card never leave the card. Any attempt to open the card destroys the secrets. There is a whitepaper about how this works and boy is it impressive, detects radiation, heat, xray, doesn't emit any signals that can be analyzed, doesn't allow power consumption to be analyzed (onboard battery), etc.)

    But don't confuse the two purposes. The multi-part key is just for OTP management and secrecy. Prevent one person from being able to disclose or even merely discover the OTP value.

    Here's my improved multi-key idea. The crypto tamper proof card generates a PKI pair, gives you public key. Next, generate a key to a single key cipher. Encrypt the single key cipher's key using the public key from the crypto card. Now destroy the original single key cipher's key. Now only the crypto card knows the private key to decode, say Bob's key, from his USB dongle on his keyring. Bob's key goes into the crypto card. So does Fred's and Joe's. The crypto card can run custom software (a very complex process of signing, etc. to get it loaded.) Now custom software onboard the card can decrypt Fred's, Joe's and Bob's keys. Use strong decryption to produce the portions of the OTP from three CD-ROMs of encrypted bits. XOR them together. The card does not have much processing power. It just gets fed streams of bits via the PCI bus. On the card, it produces the OTP, byte by byte, and OTP's it against the plaintext also being fed to the card. The card sends out a ciphertext. At the end, the card sends out an MD5 sum of a PRNG value (might as well keep the PRNG on the crypto card also for true secrecy) xor with additional OTP bits, and that MD5 sum xored with more OTP bits.

    Don't confuse the purposes. The purpose of the MD5/OTP bits thing is to prevent any MITM attacks.

    Do you see any problem with this scheme?

    The fact that the crypto card is tamperproof is not a critical part of the design. You could just substitute this for a trusted PC under guard and only used under supervision. The crypto card merely ensures that secrets on the card, never leave the card, and CAN never leave the card. This card is an off the shelf item. Google for IBM Cryptographic Coprocessor and similar terms. I did a couple years ago.

  8. Re: IBM. An abusive monopoly on New Antitrust Complaint Filed Against Microsoft · · Score: 1

    Fortunately, IBM has learned from its mistakes

    I recently read, maybe one of the LinuxWorld summary articles or somewhere, some comments from someone at IBM about their embrace of Linux. The person said something to the effect that IBM got a big wakeup call at the end of the 80's that customers did not want vendor lock in.

    How I remember it is thus. IBM tried to switch the industry over to a proprietary PC design. Everyone did the "just say no" thing being promoted at the time. IBM found themselves the only one shipping a non-standard PC. This probably was a huge wake up call. Followed, of course, by getting backstabbed by Microsoft over OS/2.

    and actually has very ethical business practices now imo, despite their enormous size

    Well, let's not go too far here. They are a corporation. Beholden to their shareholders. If they could gain a stranglehold, they would. So would Apple. For instance, I have no doubt whatsoever that Larry Ellison or Steve Jobs would be just as evil, or maybe even moreso than Bill Gates, given the opportunity. Bill just had the lucky break and ruthlessly exploited it.

    We like IBM now because they promote open source. I've even heard some motto "cooperate on interface, compete on implementation" supposedly from IBM. But let's not delude ourselves. Their interest is self motivated. Right now, their interest aligns with some of ours. Things change.

  9. Re:clarity on IEEE Wants Congress To Re-Examine DMCA · · Score: 1

    The DMCA is a really poorly written law

    Written by our friend Jack Valenti.


    You don't get much more custom made legislation than that.

    It seems strange, when you design something yourself, you usually pay less to have it implemented. If you have the outsource vendor both design and implement, you pay more. But with congress, you have to pay more to design the legislation yourself, rather than provide them guidelines and let them actually write it.

  10. Re:I prefer hardwired hardware on Software/Hardware FPGA Dev Board that runs Linux · · Score: 1

    Just because something can be done poorly doesn't mean it must be done poorly.


    wasn't something similar to this said at the conference in Kittomer?

  11. Re:TCPA on Software/Hardware FPGA Dev Board that runs Linux · · Score: 1

    This is what I was going to say.

    This gives us great freedom with hardware.

    One of the things that made software approaches take off was that software is easy to change. You don't need a dedicated circuit designed for each purpose. I remember as a youngster in the decade of polyester suits before popular microcomputers playing with 7400 series TTL gates to build various logic circuits. (e.g. a clock. a burglar alarm with keypad code entry.) As I looked at more sophisticated devices, the logic circuits needed to become way too complex. For instance, from PolyPaks you could order a single digit readout with a 5x7 array of LED's. You would have to multiplex drive this. I never ended up building any breadboard circuits, but I designed a few on paper. I would end up using a PROM after reading about them in Popular Electronics.

    It wasn't far from here to make the jump to "programming". I finally "got" the idea when I got hold of a friend's HP25 calculator. I never went back. No longer can remember which end of a soldering iron to pick up.

    The greatness of software was that you only had one universal hardware circuit. But you could control the outputs of, say, a parallel port.

    Now here we are in the 21st century. Fantastic hardware. But there is the potential for us to lose control of it to powerful, greedy interests.

    I would love to see the day when anyone could buy a cheap part and "burn" (or whatever) their own circuit or chip design. This would open the floodgates. Especially if the development systems were cheap, like a CD burner. Especially if your chip could fit into a standard PCI board, or dangling USB module.

    This would ward off the dangers of hardware control, just as open source wards off the dangers of software control, and garlic wards off vampires who want to suck you dry through neck lock-ins and licensing 6.

  12. Re:Sorry to be a spoilsport, but... on Red Hat Advanced Server Gets DoD COE Certification · · Score: 1

    ....security certifications of any kind while MS has starting with NT4.

    Are those only valid if NT is NOT connected to any network? Isn't that the only configuration that was certified? Or do I have some facts incorrect?

  13. Mandate brain implants to close the analog hole on Going Cyberpunk · · Score: 2, Funny

    At a press conference today, the RIAA announced that it is happy to hear about the development of this technology. The RIAA plans to contribute funding to the development of brain implants that can recognize whenever you hear, see, or even think about any copyrighted material. "In order to fund this project through to completion", said Hillary Rosen, "we will need to raise the prices of CD's. But not to worry. This price increase is only temporary."

    The MPAA did not return our calls prior to press time, but it is widely anticipated that the MPAA will also be creaming their jeans over this news.

  14. Re:What is an example that can't run in parallel? on Forget Moore's Law? · · Score: 1

    So for an application like Doom, you will always be better off with 1 super fast processor, than multiple slower processors.

    I'll agree to this stipulation. For an application like Doom, you would always be better off with local processors. Parallelism is still good, and appears to be the case in the latest graphics cards. Multiple pipelines. It is already a known that render farms are faster than single cpu rendering jobs.

    So I disagree with the single processor argument. But I agree with the "local" processor argument. GPU's already use parallelism, in various forms. Your "single processor" really means a single PCI card.

    So, as I'm advocating in this thread, I still think massively parallel computers are the future. You just may also have massive parallelism on your interface cards as well. Something I hadn't really thought about.

  15. Re:One Good Thing Atleast - Philanthropy? on New Antitrust Complaint Filed Against Microsoft · · Score: 2, Funny

    MS will match any employee donation to, afaik, any charity

    Sounds like a potential exploit if I ever heard of one.

    Sort of like Microsoft's code.

  16. Re:One Good Thing Atleast - Philanthropy? on New Antitrust Complaint Filed Against Microsoft · · Score: 1

    A long time ago, in a galaxy far, far away, before the dark times, before Microsoft....

    There was IBM. An abusive monopoly if there ever was one.

    In the book "Big Blue: IBM's Use and Abuse of Power", the author details how in the early 1900's, yes a century ago, IBM learned that they could buy a tremendous amount of good PR by giving lots of money in very public ways to good causes. The amount they gave might seem large, but was really just chump change. A hundred million here. A hundred million there. So fricken what? Does this somehow undo the evil of holding the entire computer using world hostage? Actively fighting the existence of competition or interoperability? Financing this through charging monopoly rents?

    Oh yeah, great people these.


    Someone once said: What does it profit a man to gain the whole world and lose his soul.

  17. Re:Worldwide or local outcomes? on New Antitrust Complaint Filed Against Microsoft · · Score: 1

    I always assumed a lawsuit against them in the US would be world-wide

    Yeah, just like American tobacco companies play nice outside the US.

  18. Re:Litigation.. on New Antitrust Complaint Filed Against Microsoft · · Score: 1

    I don't doubt for a moment that all the harshly written criticisms of MS by these people are done on MS-Word.
    Oh, the irony.


    It is irony. I'm sure Bill Gates is laughing his ass off that people who criticize Microsoft use MS products.

    Maybe it isn't irony. Maybe it actually proves the entire point!

    Instead of seeing it as hypocrisy, you should see it as monopoly control.

    Imagine if one company had total control of all supplies of paper and was abusive. And how stupid you would sound saying that everyone who complained was using their paper to do so. Oh, sure, other minor paper suppliers might exist. And their product might be good, bad or whatever. But that's not the point. That's just a way to change the subject away from the substance of the complaining.

  19. Re:What is considered anti-competition here? on New Antitrust Complaint Filed Against Microsoft · · Score: 2, Interesting

    I know I shouldn't feed the trolls, but...

    but what the hell does it have to do with bundling of additional apps along with Windows?
    That's considered value-added incentive for the consumer.


    Well, then if Microsoft is giving away their bundled apps for "free", really free, out of the goodness of their heart, to increase customer value, then what do they have to fear with interoperability. Why don't they open their file formats. Why not allow total and complete interoperability with Windows Media Abomination? In the US antitrust case, it came out that Microsoft spent $150 million in developing IE (after first "acquiring" it). Then they give it away for free? Even the judge was skeptical. I'm sure Microsoft, being the charity it is, had nothing but pure motives in spending that much money on something that they would make no profit on.

    It's not like you have to actually use those apps... install whatever alternatives you want.

    The whole point of the complaint is that Microsoft has been and is working hard to prevent alternatives.

    You know, when I go to Dell's web site, I can configure a machine. Popup menus allow me to choose various configuration options. Guess what choices I get for Operating System? Let's not even bring up Free software. Let's just compare to, say a DVD player. The choice is DVD or No DVD. How about Windows or No OS? Shipping a CD hardware diagnostic would be the extent of the "support" they would have to provide. Just as they now say, insert the Windows CD to reformat and reinstall -- click. They could say -- insert the Diagnostic CD to prove that the hardware works perfectly -- click.

    As for disclosing Office document format... hell they created it, under their own terms and conditions

    If Microsoft is so wonderful, and everybody chooses it willingly, then what has Microsoft to fear of competition? Or are you suggesting that people would dare choose competing products?

    Since Microsoft has been found to be a monopoly, they should be compelled to provide interoperable formats. Or do you actually advocate that one player should be able to have a chokehold on the entire computer-using world?

    I think the CCIA has gone overzealous in its approach to pin MS. They should have gotten more facts correct before publishing this paper.

    Please show what facts they have gotten wrong.

  20. Re:poll... on New Antitrust Complaint Filed Against Microsoft · · Score: 3, Funny

    how many people saying "yay! MS sucks! I hate Bill! Its the evil empire!" Are typing from Internet Explorer

    Yeah, Microsoft sure is popular. Everyone uses Microsoft. It must be by choice because they are the best among all of the many alternatives in the highly competitive landscape of choices.


    News flash: income tax has been found to be extremely popular!

  21. Re:New lawsuit, same old complaint. on New Antitrust Complaint Filed Against Microsoft · · Score: 1

    This really isn't anything new; still the same old arguments. I guess after the success by Sun to get Java forcibly included in the US, the EU decided to try that angle. Oh yeah, and this story is old. Move along...

    This really isn't anything new, still the same old abuse. I guess after the failure by the US and others to try to get Microsoft to play fair on a level playing field, the EU decided to try that angle. Oh yeah, and this story is old. Move along...

  22. Re:Does Microsoft have any friends left? on New Antitrust Complaint Filed Against Microsoft · · Score: 3, Insightful

    All these anti-trust suits are getting a little boring and aren't doing any good.

    I disagree. They are doing good, even though the remedies, so far in the US, have bordered on almost being "rewards".

    They are doing good. Just not enough good. The fact that Microsoft is now widely recognized, even by Microsoft users, as being untrustworthy is a good thing. Look at how Microsoft dealt with Sendo. Look at how the Sony and Matsushita, two bitter rivals have joined together against Microsoft. Everyone knows that you can't shake hands with the devil. Microsoft's history of stabbing every one of their partners in the back is going to come back to bite them. Nobody will want to partner with them.

    BillG: Hey, Sony, why don't you use Windows CE? Partner with us!
    BillG: Hey, Nokia, why don't you use our Stinker OS in your phones? (er.. I meant Stinger)
    BillG: Hey everyone, look at my vision, unveiled at consumer electronics shows, to take over everything in the home with Microsoft software! You can still make the hardware, on razor thin, cut throat margins, with no real control of the design, or differentiation of your products, just like we've done to the PC industry.

    Do you think anyone in their right minds is going to agree to this. Microsoft has no friends left.

  23. Re:Worldwide or local outcomes? on New Antitrust Complaint Filed Against Microsoft · · Score: 1

    That's an excellent point.

    In the future Microsoft may have to custom tailor its abuse to different jurisdictions. Okay, we'll start making Word save in different formats. One for the US. One for the EU. The EU format will be documented. The US format NOT.

    The practice of keeping secrets, like file formats, is ancient and is known as cryptography. Microsoft could simplify the process by just encrypting with different keys. The code could be highly resistant to recovering the key. (Lots of approaches here, such as having an interpreter in which the crypto code is written, etc. See phrack.) But even that the key can be recovered by a determined enough evildoer just proves that we need Palladium.

  24. Re:What is an example that can't run in parallel? on Forget Moore's Law? · · Score: 1

    Most code today isn't terribly optimized, it just runs 'fast enough'.

    I agree and disagree.

    Most code isn't terribly optimized. But some critical code is optimized. I'm sure Photoshop doesn't go to great lengths to optimize all of the code paths through the user interface routines. But as soon as you pick an operation like "Gaussian blur", just to pick an example, I'll bet that is heavily optimized. Even parallelized. (I remember reading about experimental parallel implementations some years ago on multi-CPU Macintosh machines.)

    My point. You're right that most of Word might not be optimized. But a highly performance critical routine would be. An encryption routine. A fractal calculation. A rendering operation.

    On your 8 way box, you may barely use 1 processor all the time you are creating a 3D model. As soon as you click "render", the load on all 8 processors may go to 100%. But you're right, the "modelling" code, or more generally, interactive code runs just fast enough.

  25. Re:One time pad w/man-in-middle and known plaintex on Israeli Firm Claims Unbreakable Encryption · · Score: 1

    This doesn't work though, in the situation where you know *the full, exact plaintext*. If you do, you can substitute any message of the same length and calculate your own message digest.

    What you missed is that before sending the digest, you XOR it with additional bits of the OTP. Now the MITM can't possibly provide the correct OTP-encrypted digest.

    So even using only OTP (provably secure) and no PKI at all, you can ensure no successful MITM attacks even of the known plaintext variety.

    With all the weakness that can come from an incorrectly used OTP you're better off avoiding them unless you *need* absolute security that you'll lose if they invent a magical way to factor numbers tomorrow.

    Please clarify. The first half of the sentence seems to refer to avoiding OTP, the second half seems to refer to PKI.


    More thoughts on OTP. The OTP can actually be made up of multiple parts XORed together. In order to send a message, I need to form the OTP. The OTP is never stored anywhere. But Bob, Frank and Joe each have a CDROM with a file of random bits. I take the next bits from the same parts of each of their files, XOR them together to form the actual OTP used for transmission.

    Keeping the OTP under guard, say at an embassy or military installation is not that difficult. Even if different people have multiple "parts" of the key material needed to construct the OTP. Now, collusion would be necessary in order to compromise the OTP.

    It may be that Bob, Frank and Joe don't actually keep possession of their key portions. These are stored inside the guarded crypto machine. Each of the three files of bits are encrypted using a strong cipher and Bob, Frank and Joe simply carry a token on their keyring, a PIN, and/or a biometric value form the key to decrypt their portions of the key material in the machine when a transmission is necessary.

    You end up with all kinds of security. Provably unreadable and unforgeable messages between installations. Within an installation, strong crypto is used inside the crypto machine to protect the OTP material. No one person can ever see the OTP material. In fact, it never leaves the machine, whose chips could be covered in epoxy resin. I'm sure someone imaginative, who has nothing better to do than think about this problem for 8 Hrs / day could even improve upon my hypothetical scheme here to securely transmit secrets between various installations.

    So do you still have any concerns about MITM attacks on an OTP based system?
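The scheme sketched across comments 2, 5, 7 and 25 above (a pad formed by XORing several holders' random streams, message bytes XORed with pad bytes, and an MD5 digest keyed with pad bytes and then masked with further pad bytes) can be written down and checked end to end. The following is an added example, not code posted by the commenter or anyone in the thread. It assumes, as my own simplifications, that every holder's stream has the same length, that the "PRNG value" is a per-message sequence number both ends already track, and that the header naming which parts were combined is passed out of band rather than under its own OTP. The tamper check in `demo()` does exactly what comment 25 claims a receiver will do: recompute the masked digest and reject a same-length substitution whose plaintext was fully known.

```python
# Added example: multi-part one-time pad with an OTP-keyed, OTP-masked digest.
# Not the commenter's code; names, layout and the sequence-number stand-in for
# the "PRNG value" are assumptions made for this illustration.
from __future__ import annotations

import hashlib
import hmac
import secrets

TAG_LEN = 16  # MD5 digest length; the comments use "16 bytes of OTP"


def xor_bytes(*parts: bytes) -> bytes:
    """XOR any number of equal-length byte strings together."""
    length = len(parts[0])
    if any(len(p) != length for p in parts):
        raise ValueError("all inputs must have the same length")
    out = bytearray(length)
    for part in parts:
        for i, b in enumerate(part):
            out[i] ^= b
    return bytes(out)


def make_key_parts(holders: int, length: int) -> list[bytes]:
    """One independent random stream per holder (Bob's, Frank's, Joe's CD-ROM).
    The combined pad is never written anywhere; it exists only when recombined."""
    return [secrets.token_bytes(length) for _ in range(holders)]


def combine_pad(parts: list[bytes], chosen: tuple[int, ...]) -> bytes:
    """Form the pad from the chosen parts. The result is uniformly random as long
    as at least one chosen part is, so no single holder learns the pad."""
    return xor_bytes(*(parts[i] for i in chosen))


def pad_bytes_needed(msg_len: int) -> int:
    # message bytes + 16 bytes folded into the digest + 16 bytes masking the digest
    return msg_len + 2 * TAG_LEN


def seal(plaintext: bytes, pad: bytes, offset: int, seq: int) -> tuple[bytes, bytes, int]:
    """Encrypt and tag one message, consuming fresh pad bytes from `offset`.
    Returns (ciphertext, masked_tag, new_offset)."""
    n = len(plaintext)
    end = offset + pad_bytes_needed(n)
    if end > len(pad):
        raise ValueError("pad exhausted; pad bytes must never be reused")
    k_msg = pad[offset:offset + n]
    k_seq = pad[offset + n:offset + n + TAG_LEN]
    k_tag = pad[offset + n + TAG_LEN:end]
    seq_bytes = seq.to_bytes(TAG_LEN, "big")  # stand-in for the "PRNG value"
    ciphertext = xor_bytes(plaintext, k_msg)
    digest = hashlib.md5(plaintext + xor_bytes(seq_bytes, k_seq)).digest()
    masked_tag = xor_bytes(digest, k_tag)
    return ciphertext, masked_tag, end


def open_message(ciphertext: bytes, masked_tag: bytes, pad: bytes,
                 offset: int, seq: int) -> tuple[bytes | None, int]:
    """Decrypt and verify. Returns (plaintext, new_offset), or (None, offset)
    when the masked digest does not match, i.e. the message was altered."""
    n = len(ciphertext)
    end = offset + pad_bytes_needed(n)
    if end > len(pad) or len(masked_tag) != TAG_LEN:
        return None, offset
    k_msg = pad[offset:offset + n]
    k_seq = pad[offset + n:offset + n + TAG_LEN]
    k_tag = pad[offset + n + TAG_LEN:end]
    seq_bytes = seq.to_bytes(TAG_LEN, "big")
    plaintext = xor_bytes(ciphertext, k_msg)
    digest = hashlib.md5(plaintext + xor_bytes(seq_bytes, k_seq)).digest()
    expected = xor_bytes(digest, k_tag)
    if not hmac.compare_digest(expected, masked_tag):  # constant-time compare
        return None, offset
    return plaintext, end


def demo(message: bytes = b"attack at dawn", substitute: bytes = b"attack at dusk") -> dict:
    """Round trip, then the known-plaintext substitution the thread discusses:
    knowing `message` lets someone turn its ciphertext into one for `substitute`
    (same length), but the masked digest no longer verifies."""
    parts = make_key_parts(holders=7, length=4096)   # constructed sample streams
    chosen = (0, 3, 5)                                # "any 3 of 7", named in the header
    pad_tx = combine_pad(parts, chosen)               # sender's machine recombines
    pad_rx = combine_pad(parts, chosen)               # receiver's machine does the same
    ct, tag, _ = seal(message, pad_tx, 0, seq=1)
    recovered, _ = open_message(ct, tag, pad_rx, 0, seq=1)
    forged_ct = xor_bytes(ct, xor_bytes(message, substitute))
    forged, _ = open_message(forged_ct, tag, pad_rx, 0, seq=1)
    return {"round_trip_ok": recovered == message,
            "substitution_detected": forged is None,
            "pad_differs_from_every_part": all(pad_tx != p for p in parts)}


if __name__ == "__main__":
    print(demo())
```

Two design points worth noting. The receiver advances its pad offset only after the digest verifies, so a rejected message does not desynchronise the two ends. And the digest comparison uses a constant-time compare, which the thread does not mention but which a real receiver needs so that timing does not leak how many bytes of a tag matched.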