Given that such a proposal is pure lunacy, isn't is possible that Senator Hatch is just trying to draw attention to the fact that the content industry is off its rocker? The only way to get the public mobilized against the copyright cartel is to push so far that even Joe six-pak is pissed off about it. When computers start bursting info flames in retaliation for a victimless crime like copyright infingement, then you'll see some real changes in the Congress.
But such a certificate would be useless unless the Palladium hardware also had the corresponding private key stored internally, so that it could prove that it was the owner of the certificate. If that is the case, then hackers can extract the private key from the chip using traditional smartcard hacking techniques.
This is definately possible. A company like VMWare could implement a psuedo-driver that appeared to the operating system to be real Palladium hardware. Of course this driver wouldn't have access to the keys inside your real Palladium hardware, but it could generate its own keys. Other machines on the internet would never be able to tell the difference.
The only way to plug this hole is to have a "master key" embedded in all Palladium chips which nobody but Microsoft knows. Microsoft has specifically said that it won't include a master key in the system because such a key would inevitably get discovered or leaked.
One problem with Perl, is that it's very hard to read somebody else's Perl code. Most Perl hackers can write scripts that do amazing things in much less space/time than a traditional compiled language, but their code is indecipherable to even other skilled Perl hackers. If you've ever maintained a large Perl program written by someone other than yourself, you know what I'm talking about.
Adding more features to the language will only make this problem worse. Very few Perl programmers know more than a fraction of Perl's syntax. More syntax means more stuff that your average Perl programmer doesn't understand! This is a huge impediment to writing a large project in Perl.
Languages like C and Java stay alive precisely because they're not very expressive. You can write huge behemoth-sized projects and still have some hope of maintaining them, because there just aren't that many ways to obfuscate the code.
First, let me say that I understand the goals of Palladium, including why it would be a valuable technology for MS customers and others; and I think I understand as well as anyone how the technology works, having only seen the publicly available information. My question is:
What makes Microsoft think that Palladium won't be broken or circumvented, given that the information security community at large has not had a chance to review the technology?
Slashdot Mirror
If you don't get this joke, you haven't been here.
Given that such a proposal is pure lunacy, isn't is possible that Senator Hatch is just trying to draw attention to the fact that the content industry is off its rocker? The only way to get the public mobilized against the copyright cartel is to push so far that even Joe six-pak is pissed off about it. When computers start bursting info flames in retaliation for a victimless crime like copyright infingement, then you'll see some real changes in the Congress.
But such a certificate would be useless unless the Palladium hardware also had the corresponding private key stored internally, so that it could prove that it was the owner of the certificate. If that is the case, then hackers can extract the private key from the chip using traditional smartcard hacking techniques.
This is definately possible. A company like VMWare could implement a psuedo-driver that appeared to the operating system to be real Palladium hardware. Of course this driver wouldn't have access to the keys inside your real Palladium hardware, but it could generate its own keys. Other machines on the internet would never be able to tell the difference.
The only way to plug this hole is to have a "master key" embedded in all Palladium chips which nobody but Microsoft knows. Microsoft has specifically said that it won't include a master key in the system because such a key would inevitably get discovered or leaked.
If you already live in California (about 1/6 of the population of the USA does) then this bill doesn't affect you.
This is sort of like the massive tax on hotel rooms. Tax people from out of town, because they can't vote against the politicians levying the taxes!
One problem with Perl, is that it's very hard to read somebody else's Perl code. Most Perl hackers can write scripts that do amazing things in much less space/time than a traditional compiled language, but their code is indecipherable to even other skilled Perl hackers. If you've ever maintained a large Perl program written by someone other than yourself, you know what I'm talking about.
Adding more features to the language will only make this problem worse. Very few Perl programmers know more than a fraction of Perl's syntax. More syntax means more stuff that your average Perl programmer doesn't understand! This is a huge impediment to writing a large project in Perl.
Languages like C and Java stay alive precisely because they're not very expressive. You can write huge behemoth-sized projects and still have some hope of maintaining them, because there just aren't that many ways to obfuscate the code.