Well, there's the PPC chip in the XBox 360, for one. That's a full TCPA system.
Please bear in mind that I'm only arguing this point because I think it's important that people are well informed about what we're up against here. It's not going to be easy to get around TCPA, really it isn't. Virtualisation and man-in-the-middle attacks are exactly what TCPA is intended to prevent, and it's been designed by people who understood what sort of work would need to be done to enforce DRM as required by the entertainment industry.
However, citations. Anderson says that current (2003) TCPA chips are on the motherboard, not the CPU, but:
However, in a few years, the Fritz chip may disappear inside the main processor - let's call it the `Hexium' - and things will get a lot harder. Really serious, well funded opponents will still be able to crack it. But it's likely to go on getting more difficult and expensive.
He also notes that some portions of TCPA are already in your CPU:
The operating system security kernel (the `Nexus') bridges the gap between the Fritz chip and the application security components (the `NCAs')... Finally, the Nexus works together with new `curtained memory' features in the CPU to stop any TC app from reading or writing another TC app's data. These new features are called `Lagrande Technology' (LT) for the Intel CPUs and `TrustZone' for the ARM.
With the chip on your motherboard, yes, you can do a MITM attack on the bus lines. That and cost saving is exactly why it'll be part of your CPU, if it isn't already.
The TPM is built into the CPU, so a man-in-the-middle attack like the one you suggest is very difficult. It has access to all sorts of CPU data that you can't really fake.
Although perhaps you could fake that information by loading new microcode into the CPU...
>> But we do not know the 2,048 bit private keys of the mainboard manufacturers
> That's a dangerous assumption.
What about the private key for signing XBox 360 games? Or the one for Playstation games? Or the ones used by Verisign to validate SSL certificates? Or Microsoft's Windows Update key? These things have always remained secret - it's unlikely that they'll ever be public. It's not hard to keep them secret as they never need to be distributed.
That said, there is a private key locked inside each TCPA module. If you can get at that, then the TCPA system breaks down - you can fake trust as required.
Virtualisation does not save us from trusted computing - as the parent says, TCPA was designed with virtualisation in mind.
Every time a thread about DRM comes up, TCPA is mentioned, and a whole bunch of people get modded +5 Insightful for saying that they'll circumvent it using VMware or similar. But to do that, you have to make your own TCPA keys, which won't be signed by a trusted third party. Online services that require remote attestation will require you to use a key that has been signed in that way.
The key in your TCPA module will have been signed, but you can't get at that key by design. You can't use it to sign programs in your VM. That's the idea. They know that virtualisation is a hole. They are as smart as you.
However, perhaps we can get at the key in the TCPA module by getting the module to repeatedly sign something while monitoring its power consumption. This technique, differential power analysis, is apparently very hard to defeat. You can use it to get keys out of smart cards, given enough time: perhaps you can use it to get keys out of your own processor. The price of freedom in the future?
Right! You can build your own network of trust, using whatever keys you want. This is the good side of TCPA.
But TCPA includes "remote attestation", in which an online service is able to validate the state of your machine before, for example, sending you a DRM'ed music file. Now, that service could choose to trust the key you made yourself, but it doesn't have to. It will probably only trust keys that have been signed by the TCPA consortium. If you don't have one of those keys, you're not "trusted" - you could be using your own TC module with the intention of defeating the DRM.
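The service-side check in the remote attestation described above, as an added example that is not part of the original comments or of any TCPA specification. Ed25519 stands in for the module's signature scheme, and `Module`, `Quote`, `NewModule` and `VerifyQuote` are hypothetical names; all sample values are constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

var (
	ErrUntrustedKey = errors.New("attestation key not certified by a trusted CA")
	ErrBadSignature = errors.New("quote signature invalid")
	ErrStaleNonce   = errors.New("quote not bound to this challenge")
	ErrBadState     = errors.New("measurement not on the allow-list")
)

// Module models a TC module; priv is unexported to mirror "not externally accessible".
type Module struct {
	Pub  ed25519.PublicKey
	Cert []byte // certifier's signature over Pub
	priv ed25519.PrivateKey
}

// Quote is a signed statement of machine state bound to the verifier's nonce.
type Quote struct{ Nonce, Measurement, Sig []byte }

// NewModule creates a module whose public key is certified by signer.
func NewModule(signer ed25519.PrivateKey) Module {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return Module{Pub: pub, Cert: ed25519.Sign(signer, pub), priv: priv}
}

// quoteMsg hashes the nonce to a fixed length so nonce||measurement is unambiguous.
func quoteMsg(nonce, measurement []byte) []byte {
	n := sha256.Sum256(nonce)
	return append(n[:], measurement...)
}

// Attest signs the reported machine state together with the verifier's nonce.
func (m Module) Attest(nonce, measurement []byte) Quote {
	return Quote{nonce, measurement, ed25519.Sign(m.priv, quoteMsg(nonce, measurement))}
}

// VerifyQuote is the online service's side: key certification first, then the
// quote signature, then freshness, then the reported state.
func VerifyQuote(caPub, modPub ed25519.PublicKey, cert []byte, q Quote, nonce []byte, allowed [][]byte) error {
	if !ed25519.Verify(caPub, modPub, cert) {
		return ErrUntrustedKey
	}
	if !ed25519.Verify(modPub, quoteMsg(q.Nonce, q.Measurement), q.Sig) {
		return ErrBadSignature
	}
	if !bytes.Equal(q.Nonce, nonce) {
		return ErrStaleNonce
	}
	for _, a := range allowed {
		if bytes.Equal(a, q.Measurement) {
			return nil
		}
	}
	return ErrBadState
}

func main() {
	caPub, caPriv, _ := ed25519.GenerateKey(nil) // stand-in for the certifying third party
	_, selfPriv, _ := ed25519.GenerateKey(nil)   // key made by the machine's owner
	state := sha256.Sum256([]byte("constructed: approved player build"))
	allowed, nonce := [][]byte{state[:]}, []byte("constructed-challenge-1")
	for name, m := range map[string]Module{"hardware": NewModule(caPriv), "emulated": NewModule(selfPriv)} {
		fmt.Println(name, VerifyQuote(caPub, m.Pub, m.Cert, m.Attest(nonce, state[:]), nonce, allowed))
	}
}
```

The emulated module produces a perfectly valid signature over the same state, and is still rejected at the first check because its key carries no certification the service recognises.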
Publish it yourself, selling it through a website. Offer a downloadable demo of some sort, e.g. a PDF of a board and some of the pieces. You can start doing both of these things for a very small investment, and you can scale up your publishing infrastructure according to demand.
A friend of mine is doing this at the moment. You can try out his board game by printing some levels and some of the pieces, and then, if you like it, you can buy the actual thing by cheque or Paypal. Seems to be doing well, he's making an expansion set at the moment.
Another thing you could do would be a computerised version of your game, offered for free online. That could be an excellent advert for the board version, but it would take a bit more investment...
...Or have a real Trusted computer available, and institute a Man-in-the-middle attack.
Not as easy as you'd hope. To do that, you'd need to be able to intercept messages between the CPU and the TC module, which are built into the same chip. It wouldn't be enough to simply intercept network messages, or messages on the bus. It's cryptographically resistant to that sort of attack.
The TCPA consortium have put a lot of effort into securing your machine from you. As I understand it, the only attack vector is to try to extract the private key from the TC module, which may be possible using a power analysis attack.
It is not the TC module that is signed. Rather, the TC module contains a private key, which is not externally accessible. It is this key that is used to sign messages containing information about your machine state, allowing software on your machine to demonstrate a "trusted" status to software on other machines.
If we can get at the private key inside a TC module, then we can make an emulated TC for a virtual machine. We can trick applications into thinking they are running on a trusted system.
I suspect that differential power analysis might be a useful technique for doing this. Apparently it is effectively impossible to prevent an encryption device leaking information through the power it consumes: this is why commercial encryption devices usually come in sealed black boxes that also contain heaps of power filtering. There is little space for power filtering on a CPU die, so we'll probably be able to work out the private key by making the TC module sign something repeatedly, while an ADC captures information about power consumption. It's not a simple attack, but this might be the price of freedom in the future.
People are pissed. They want to say something about the shitty government, and they want to be heard. This is one of the few places where strangers will listen: your friends might debate politics with you, but strangers normally don't care. In the West, very few people give a shit about politics - look at the cheerleaders for both parties, who ignore the bad actions of their own team while shouting down the bad actions of the other team. Few are interested in understanding and debate: they just want their team to win. As if that would help.
That's why you see the same posts over and over. That tired Franklin quote that Franklin didn't actually say. Quotes from 1984. Nazi comparisons. You hear this because people are angry. They want change, but they can't effect change. This is one of their few outlets.
In the end, what can we really do to change things? The only thing we can do is try to spread opinions and information. We can't fight them, we can't start a revolution as the Constitution advises, but we can spread dissent. And Slashdot is a way to do that. People who read this thread might be able to convince Bush supporters to think again, since the thread is full of facts, analysis and opinion. It's ammunition to fight back against the state propaganda machine.
Maybe it will even help to change the world in some small way. The pigs are fueled and on their way to runway 18.
No, collections of data and numbers are excluded from copyright protections.
Ah, but there must be a particular way of defining when digital information ceases to be a number or data, and instead becomes a copyrightable work. Since all digital information can be represented as a single number, there must be some distinction. Perhaps there is a size limit of some sort, beyond which the number becomes copyrightable.
A hashing algorithm would be no good, because of the one-way property. However, an encoding of some sort could be used to do what you specify: I believe there is one called "bubblebabble" which is used to convert key fingerprints into human-readable form. I don't know if that would get around the DMCA though. We often reencode things to Xvid or MP3 before distributing them on P2P networks, and the *AA still calls this "piracy" even though we are merely distributing a lossy representation of the original work.
We are probably going to find out that posting a 32 byte encryption key for a movie on your website does count as a DMCA violation, even though the key is only useful to people who own the disc.
Common sense be damned. Could an encryption key be the world's shortest copyrighted work?
Has anyone considered that the reason ATI/NVidia won't open source their drivers/firmware is because there are blatant copyright and patent violations in their code? I'm not saying there are violations, but if there are, then I would expect each to violently defend against anyone seeing their source code.
Yes, this has been suggested before. These violations, if they exist, may not be deliberate though.
Remember that software patents are often very broad. It is hard to write any software at all without violating some patent or other. If you write software, and you have a lot of money, the patent trolls will come knocking. Giving away source code makes the troll's job much easier. Perhaps that is part of what NVIDIA and ATI want to avoid.
Another problem is that they've used other people's code under NDA in their drivers. There is a similar problem with Windows - Microsoft could not release the source as free software without removing a lot of third-party components.
Call me a total thicky, but can't we strengthen any application that uses a hash by using several different hashes? e.g. concatenate the md5sum, SHA-1, SHA-256 and RIPEMD-160 of the input data to make a composite "super-hash". Wouldn't that make finding a collision very difficult?
Even if you have a way to find a collision for each of the algorithms in isolation, you now have to find a collision for all of them at the same time, which is surely far far harder.
Please do correct me if I'm wrong, I'm interested to know why this won't work because it seems to be the obvious approach in light of the problems that have emerged with MD5 and SHA-1.
This all comes from an argument I had years ago about quantum entanglement. I'd heard that two entangled particles could affect each other at any distance, and I thought that maybe this could be used for instantaneous communication. Physical objects would be involved at both ends, but the actual information would move by some weird entanglement magic rather than being carried by a physical thing.
But apparently not! In order to actually make use of entanglement for communication, you need a conventional communication channel as well. That means you could use entanglement to send data secretly, but you can't use it to circumvent the speed of light.
Well, they've been reading Slashdot. They took our advice and didn't monitor their children's internet use, because we know that monitoring is fascist.
Monitoring your young children = Good parenting.
Monitoring your grown-up children = Overparenting.
Monitoring other people's children = Fascism.
As I understand it, the speed of light applies not only to physical objects, but also information itself. No-one knows any way to move information faster than light. If you've found a way, that's truly revolutionary, but in the meantime your post sounds a bit like a "free energy" claim. Can you back it up with some citations?
Interesting stuff, thank you. It never hurts to know more... The BNP are running a campaign in my area at the moment so the topic is of particular interest to me. They do seem to know how to appeal to people without setting off "neo-Nazi" alarm bells which is frankly scary.
Get informed about TCPA here. http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html
The whole thing is really, really nasty. See http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html if you haven't already.
If you've been in the industry for more than 10 years, you've used everything. And many of us prefer Windows, because of the development environment.
and the fact that "It Just Works"(tm).
I prefer Linux for exactly the same reasons. Weird, huh?
Isn't this the same company that had dead people lobby Congress to avoid being broken-up during the anti-trust years?
Holy shit! They can make zombies do their bidding? No wonder they have a 90% market share.
Wikipedia...
Where it is inaccurate, it is at least definitively inaccurate.
Thanks, that's really useful. I had not seen that before.
:) You should be in the patent-writing business!
(I guess it is just a barcode after all)
Details are limited for the actual tattoo, but it's said to contain no metals and can be read up to about four feet away.
No metal? This doesn't sound like a radio transceiver at all. Can you make an electronic device without using any metals?
I wonder what it actually is. Glorified barcode?
Ah, neat idea. Thanks very much.