
Cryptographers Find Fault With Palladium

timothy posted more than 11 years ago | from the artist-formerly-known-as-palladium-that-is dept.

Security 345

FrzrBrn writes "Whitfield Diffie and Ronald Rivest raised concerns about Microsoft's Next-Generation Secure Computing Base (formerly Palladium) at the RSA Conference in San Francisco on Monday. They are (naturally) concerned about vendor lock-in and having computers turned against their owners. See the story at EE Times."


Cryptographers Find Fault With Palladium (0, Funny)

Anonymous Coward | more than 11 years ago | (#5740093)

the fault is....it was made by microsoft

Re:Cryptographers Find Fault With Palladium (0)

Jeremiah Cornelius (137) | more than 11 years ago | (#5740531)

The fault is...

It exists at all.

Hoard your pre-DRM machines! I have a pile of SPARC and MIPS for the coming times! ;-)

The big picture (4, Informative)

vinsci (537958) | more than 11 years ago | (#5740561)

For the big picture of this story see the TCPA / Palladium / NGSCB / TCG Frequently Asked Questions [cam.ac.uk]

It is well worth a read giving an insightful historical perspective and with translations to a number of other languages available.

OMG!!! (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5740094)

I just DOSed my pants!
First post, cocksuckers!

What Do I Love? (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5740096)


II / \/ \ /__\
II \ / I I
II \ / I II
II \ / I II
II \/ / \
II \__/_/

Lameness filter encountered. Post aborted! (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5740225)

You must be Jesus, or something.

KEEP ON TORLLING!

And yet they failed to see the glory of my testes! (-1)

Real World Stuff (561780) | more than 11 years ago | (#5740101)

Imagine this: your mom has had fingers in her pooter.

T I T T I E S (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5740104)





How I love to lick.

Yes this is good (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5740110)

Now the great elephant of the north can do battle with the mighty tiger and see if it can eat more grass than exists in the plains to the east. This is a good day my friends. We'll be eating nuts by dusk.

fp (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5740119)

fp

In Other News... (4, Funny)

Captain Beefheart (628365) | more than 11 years ago | (#5740121)

...Cancer researchers found fault with Marlboro brand cigarettes. More details soon.

Re:In Other News... (0)

Anonymous Coward | more than 11 years ago | (#5740248)

the Penn and Teller show "Bullshit" showed that there is no real evidence that smoking cigarettes causes cancer

Re:In Other News... (1)

nn43 (565958) | more than 11 years ago | (#5740543)

NO - Bullshit that SECOND HAND smoke caused cancer. Put down the hot pockets and watch the show. They said nothing about dragging on a cig not causing cancer.

Re:In Other News... (1, Interesting)

Yankovic (97540) | more than 11 years ago | (#5740267)

Given that the researchers work for other companies it may be "Ford researchers find that Chevy's will kill your dog and run off with your girl." This stuff is so vague right now, it's hard to see anyone doing anything but fighting for the sound bite.

Better they find fault with it now, (5, Interesting)

Angry White Guy (521337) | more than 11 years ago | (#5740143)

than someone finds fault with it later.

And now we're supposed to trust 'Trusted Computing'?

Dude! (1)

Kibo (256105) | more than 11 years ago | (#5740186)

That was the best troll I've seen in a while. Thanks. (But the ancient "No Shadows In Space" thread from the days of yore was still better.)

Re: Better they find fault with it now, (5, Insightful)

Black Parrot (19622) | more than 11 years ago | (#5740323)


> And now we're supposed to trust 'Trusted Computing'?

"Trusted Computing" is supposed to fix it where content vendors can trust us.

Or rather, trust our computers.

Privacy (5, Interesting)

TeknoDragon (17295) | more than 11 years ago | (#5740153)

Diffie and Rivest have always held the idea that personal privacy (and personal security) is a fundamental right. Their comments at this forum pretty much express that.

They're cautious for a good reason. Making every PC an Xbox with push content delivery just opens up an ugly vulnerability in your system. I can't wait for the distributed Palladium cracking project!

From accounts of Microsoft's other presentations they are there primarily to advertise the future of their technology rather than to actually discuss the future of security with others.

Re:Privacy (5, Insightful)

neptuneb1 (261497) | more than 11 years ago | (#5740218)

"I can't wait for the distributed Palladium cracking project!"

You're going to be waiting for a while. With M$'s army of lawyers, any attempt to organize such a project will quickly be shot down by any one of a number of current laws. Let's see how many we can name....

Re:Privacy (4, Insightful)

TeknoDragon (17295) | more than 11 years ago | (#5740255)

For every Napster there are a dozen gnutella, hotline, audiogalaxy's... for each of those there's likely to be a clandestine effort to do the same thing.

Besides... we all know there will be someone [nsa.gov] M$ won't be able to stop.

Re:Privacy (1, Funny)

Anonymous Coward | more than 11 years ago | (#5740332)

yes... and we don't even have an option to do it somewhere else thanks to the United States of the World.. wait, you're telling me there is something behind all that water????

Re:Privacy (2, Interesting)

Vellmont (569020) | more than 11 years ago | (#5740588)

> I can't wait for the distributed Palladium cracking project!

Forget about it. The XBox key is a 2048 bit RSA key. You can expect that to be the minimum key length Palladium will use. Last I heard 512 bit RSA keys could be brute forced, but 2048 bit keys are far too difficult to even attempt. I'm sure people will try (as they foolishly have with the X-Box), but it's highly unlikely it'll be broken in any amount of time where the key would still be useable. Think about it for just a minute. Do you really think MS is dumb enough to choose a key length that has any chance of being broken anytime soon?

Re:Privacy (5, Funny)

rupe (118491) | more than 11 years ago | (#5740609)

> I can't wait for the distributed Palladium cracking project!


Neither can Microsoft .. they'll be selling you the computers and software to do it!! For the next trillion years!

Excellent wording... (2, Interesting)

403Forbidden (610018) | more than 11 years ago | (#5740164)

> They are (naturally) concerned about vendor lock-in and having computers turned against their owners.

This will give the whole "man over machine" persona to Palladium, thus making it unpopular.

w00t!

Re:Excellent wording... (0)

Anonymous Coward | more than 11 years ago | (#5740177)

Remember this is not just an effort by Microsoft, hardware manufacturers will be shipping new motherboards with built in hardware protection, sorry folks no choice. The chip basically scans all the hardware to make sure it is secure before bootup.

Laws of Robotics? (4, Interesting)

SHEENmaster (581283) | more than 11 years ago | (#5740316)

Didn't Asimov write up a list of directives for robots, and wasn't one of them that robots should always be subservient to humans?

1. Is palladium optional for the SO? Could Linux or Winshit98 be installed on a Palladium box w/ no ill effects?
2. Is palladium optional for developers? Can "Joe Shareware" still release his software w/out paying an evil corporation for the right to sell it?
3. Is there any way whatsoever in which this would help Joe User or Joe Hacker(not to be confused with Joe Cracker)?
4. Will this be integrated on Sparc and PowerPC or just PCs? Is AMD accepting this BS or just Intel?
5. Who will be in charge of licensing keys for palladium software?

Re:Laws of Robotics? (0)

Anonymous Coward | more than 11 years ago | (#5740380)

6. ????
7. Profit!

The alleged benefit of the CBDTPA, Pd, etc. (4, Informative)

yerricde (125198) | more than 11 years ago | (#5740459)

> Is there any way whatsoever in which this would help Joe User or Joe Hacker(not to be confused with Joe Cracker)?

The excuse given for the CBDTPA, which may apply to Pd as well, is that more authors would be willing to publish works in a digital restrictions management system than in a system that grants all fair use rights by default.

Re:Laws of Robotics? (0)

fodi (452415) | more than 11 years ago | (#5740490)

> Is palladium optional for the SO? Could Linux or Winshit98 be installed on a Palladium box w/ no ill effects?

Yeah. The article says that the extra security instructions could be 'enabled' by the user. So I guess you just disable the 'security' and away you go...

Re:Laws of Robotics? (1)

archnerd (450052) | more than 11 years ago | (#5740523)

1. Yes, supposedly.
2. Yes, almost certainly. Not even the menace of Redmond could get away with that.
3. No.
4. Intel and AMD.
5. Micros~1.

Is this legal? (5, Funny)

Sephiro444 (624651) | more than 11 years ago | (#5740189)

Diffie and Rivest had better watch out! Microsoft could easily hit them with DMCA violation charges for questioning Palladium's encryption!

Re:Is this legal? (0)

Anonymous Coward | more than 11 years ago | (#5740350)

they won't, they didn't when a while ago a student asked permission and they said they won't

WinHEC (2, Funny)

eegad (588763) | more than 11 years ago | (#5740196)

Yeah, I'll be getting a computer with Palladium WinHEC freezes over!

Re:WinHEC (0)

Billly Gates (198444) | more than 11 years ago | (#5740213)

...and if Apple buys Universal and Universal makes them cripple the macs with hardware drm now what?

Re:WinHEC (1)

ehudokai (585897) | more than 11 years ago | (#5740277)

Uh... if Apple buys Universal then Apple's in charge.. not the other way around. But I'm not sticking by that. Apple has been known to shoot themselves in the foot.

Re:WinHEC (1)

Billly Gates (198444) | more than 11 years ago | (#5740283)

Ya like apple is going to let their subscription business falter and let pirates continue to download movies and cd's for free. They have a financial motive to implement drm. If not then the shareholders from Universal would bail out and hurt Apple financially.

Re:WinHEC (1)

gilesjuk (604902) | more than 11 years ago | (#5740398)

Buy a Sun?

Don't upgrade?

Take up another interest?

Re:WinHEC (1)

Midnight Thunder (17205) | more than 11 years ago | (#5740216)

> Yeah, I'll be getting a computer with Palladium WinHEC freezes over!

Or when the computer is labelled as such. I am worried that the marketing guys who usually print every possible buzz word on the box will hide this in the small print.

Questions: (1)

Nethergoat (597008) | more than 11 years ago | (#5740199)

Anybody know who Microsoft is targeting with this?
The benefits of Palladium in any market that currently demands a great amount of security are obvious, but I'm more interested in the scope of Microsoft's intended consumers - is this something they want not only in the office, but at home? Or does this fall into a similar category as 64-bit processing... intended for very specific markets with no real benefit yet to the end user.

Also, does the open-source world have any sort of response to this? Is there merely pure opposition, or are groups developing more standard-friendly alternatives.

I don't know much about Palladium, but I'm anxious to find out more - please share ideas/opinions.

Not who, but what (0)

Anonymous Coward | more than 11 years ago | (#5740256)

With Micro$oft there's no doubt the intended target is your checking account.

It's just a matter of how.

FWIW, Palladium appears to me to be a way to get vendor lock-in on all kinds of digital content - movies, songs, etc. With that lock-in, Billy's Boys could charge whatever they wanted for Win9000SUX.

All your security are belong to us. (1)

ToadSprocket (628571) | more than 11 years ago | (#5740315)

I believe they are targeting home users as well as the Enterprise users with Palladium.

According to MS, Palladium will provide a set of applications and features that will work independently of the operating system. These features and applications would theoretically not allow a virus to install itself on the system, simply because it is running as an admin account, because it would not be a "trusted" application.

The major bone of contention is that who gets to decide who can develop "trusted" applications?

Well, Microsoft of course!

All your security are belong to us. ha ha ha ha ha.

Re:Questions: (0)

Anonymous Coward | more than 11 years ago | (#5740339)

They are targeting you. They do not Trust you with their valuable digital content, so they are going to remake your computer such that it will only do what they tell it to.

Re:Questions: (3, Interesting)

Dr_Cornholio (569153) | more than 11 years ago | (#5740386)

Palladium was intended to be a joint hardware and software exercise. Where you could only run signed code on your boxen. I didn't really understand how this could be beneficial as it would basically halt any and all software development (new piece of code has to get signed digitally before it can be run. Can you imagine how frustrating that would be for a coder???). Also, forget about recompiling your kernel, once it's changed, you need to get it re-signed before you can use it to boot.

If MS has its way with palladium, it will be just like the XBox now where you must pay MS for the boot key for a game to work. I dare say that not only was the XBox an attempt to get into the console market, but also a testing ground for palladium. Given the dismal failure of the XBox so far, this could also explain the truckloads of cash that MS has been burning on the XBox. They WANT Palladium to work and will do anything to make sure it DOES work. It is their final chance to secure complete market domination inside the law before linux makes its way onto mainstream desktops.

All I can suggest with this sorry state of affairs is to change your hardware now to an entirely different platform. (gamers won't like this) Move away from x86. There are many architectures out there that would both benefit from increased use and R&D funding. Names such as Alpha, SPARC, and my personal favourite, PowerPC are all perfectly good systems, and as we all know, run linux and BSD. So, choose your processor, choose your OS, GET SOME APPS COMPILED FOR THEM! and make a stand to let MS know that you own your systems and that all your boxen are NOT belong to them. Stop talking about it and do something for a change. I run a MS-free iBook with OSX and X11 and have never been happier

While this is a good start... (0)

Anonymous Coward | more than 11 years ago | (#5740203)

...why the hell hasn't anyone tried to sway public opinion on the matter yet?

I hope they're right (5, Interesting)

MoOsEb0y (2177) | more than 11 years ago | (#5740204)

From the article,

> The Microsoft approach "lends itself to market domination, lock out, and not really owning your own computer. That's going to create a fight that dwarfs the debates of the 1990's," said Diffie as part of a broad panel discussion on cryptography at the RSA Conference here Monday (April 14).

I hope the guy is right. If he is, then the courts will (more than likely) end up voting this down, because it is way too extreme. There are far easier and less intrusive ways of making products secure.

Give it to the experts (1)

basho3 (660338) | more than 11 years ago | (#5740206)

I say they should hand over the job to Intuit.

Re:Give it to the experts (1)

wozster (514097) | more than 11 years ago | (#5740273)

or even Symantec [extremetech.com]

You know it's coming... (5, Funny)

Anonymous Coward | more than 11 years ago | (#5740208)

News Flash: "Blue screen of death kills computer and user, details at 9" - Kent Brockman

Re: nice timing (2, Funny)

TeknoHog (164938) | more than 11 years ago | (#5740503)

> "Blue screen of death kills computer and user, details at 9"

In other news:

  • BSOD interrupts computer and user, details at 2.
  • BSOD aborts computer and user, details at 6.
  • BSOD segfaults computer and user, details at 11.
  • BSOD terminates computer and user, details at 15.

(hint: $ man 7 signal)

Sidenote about RSA (5, Informative)

preternatural (322346) | more than 11 years ago | (#5740209)

The inventors of the RSA algorithm (Ron Rivest, Adi Shamir, and Len Adleman) were awarded the Turing Award on Monday. This was announced at the opening of the RSA conference. More information can be found in this article [zdnet.co.uk].

I'm not getting palladium - ever. (0, Flamebait)

Nogami_Saeko (466595) | more than 11 years ago | (#5740215)

I'll buy a MAC first, before I buy any hardware or software which incorporates palladium.

And for me, that's saying a lot.

N.

Re:I'm not getting palladium - ever. (2, Funny)

Rick.C (626083) | more than 11 years ago | (#5740271)

If Palladium keeps missing its target dates, you may never get a Palladium, ever, and the choice will not be yours.

How fitting.

Re:I'm not getting palladium - ever. (0)

Anonymous Coward | more than 11 years ago | (#5740272)

Going into competition against 3com? Who do you have to talk to to get a media access code prefix anyways?

Flamebait? (0)

Anonymous Coward | more than 11 years ago | (#5740472)

I think whoever modded this flamebait is being more than a touch anal. Did MS get mod points again?

This sums it up (4, Informative)

Target Drone (546651) | more than 11 years ago | (#5740219)

From the article: The Microsoft approach "lends itself to market domination..."

Does anyone think Microsoft would have it any other way?

Re:This sums it up (5, Insightful)

zurab (188064) | more than 11 years ago | (#5740586)

> From the article: The Microsoft approach "lends itself to market domination..."
>
> Does anyone think Microsoft would have it any other way?


DOJ sues MS for violating U.S. antitrust laws. Courts whole-heartedly agree and rule that MS is guilty. Courts do virtually nothing to protect consumers and tech industry, and literally nothing to punish MS. Courts do not implement any *preventive* measures against MS - as required by the law. MS goes on breaking the same law again and again - nobody pays any attention. MS widely announces its plans (as a marketing campaign) to break the same law again in many-fold worse than before - Palladium - nobody cares.

MS has literally and (seems) legally bribed all - legislative, executive, and judicial - branches of government in order to escape and be exempt from the law, even after it has been convicted of violating it. At some point, the government corruption needs to end, but no one knows how; in the information age where most of the "information" is spoon-fed by corporations that are part of the corruption scheme, the masses will never be on the reform side.

Cryptographers Find Fault With Palladium (2, Insightful)

Anonymous Coward | more than 11 years ago | (#5740232)

but due to DMCA laws cannot tell anyone about it, and therefore the faults will never be fixed, because the schmuckos that programmed the damn thing are too damn stubborn, and full of themselves to admit to there being faults in their code, and refuse to fix anything without proof of the faults first.

we now return you to your catch-22 free life . . . no we don't

Re:Cryptographers Find Fault With Palladium (4, Insightful)

offpath3 (604739) | more than 11 years ago | (#5740535)

They found fault with the way the computer has more control than the user. They didn't find a cryptographic fault in any of the protocols.

Related Story (1)

NanoGator (522640) | more than 11 years ago | (#5740240)

" They are (naturally) concerned about vendor lock-in and having computers turned against their owners."

"In a related story, Whitfield Diffie and Ronald Rivest are spending this evening at St. Francis Memorial Hospital in San Francisco. It would appear that sometime on April 15th 2003, they were rendered blind. Though it's not obviously clear what brought on this sudden flash of blindness, they are expected to recover soon. This news comes shortly before they were each to receive honorary promotions to Captain."

Palladium is "Optional" (for varying definitions..) (5, Interesting)

Strats1 (639064) | more than 11 years ago | (#5740259)

Microsoft keeps countering privacy and security claims with the fact that Palladium is optional, such as the following from the article:

> In Microsoft's NGSCB approach, users would have to consciously evoke a secure operating mode that would be turned off by default.

Now as we all can imagine, it won't take long before various applications will not work unless Palladium's controls are in effect. Anything that accesses potentially copyrighted works are the most likely to begin with. Windows Media player, E-Books, and later Office products will be the first to require this.

Microsoft is already pushing to get their media formats to be the default. Websites are frequently given discounted access to Windows Media creation software. Colleges and other low-budget places are frequently targets. They have to agree to use only those formats, not quicktime or MPEG, in return. This forces users to get Windows Media player to watch this content. Later MS will require these sites start saving in the newer, Palladium-only, versions, and we'll have our transition to lockout today.

What can you do to prevent this? Stay with open formats. Ogg-Vorbis. MPEG. XML/OpenOffice.org.

It'll be very interesting to see if this subtle push backfires or succeeds. Ten years ago, there's no doubt Microsoft would have been able to back us into any corner they wanted. But the last few have shown some strong distrust - people no longer take MS's word as law.

Let's hope that trend continues.

It's called "Boiling the frog" (2, Interesting)

wozster (514097) | more than 11 years ago | (#5740314)

Throw a frog into a pot of boiling water and he'll jump right out. However, if you immerse him into a pot of cool comfortable water, he will remain there. After that, you slowly raise the temperature of the water a degree at a time allowing the frog to acclimate at a comfortable pace. Over time, the frog will continue to think the water is fine even though it has been slowly raised to the boiling point.

Re:It's called "Boiling the frog" (1)

palndrumm (416336) | more than 11 years ago | (#5740355)

According to Snopes [snopes.com], that's not actually true...

Sure, it will be optional. (0)

Anonymous Coward | more than 11 years ago | (#5740356)

Optional as in you won't need it if you don't want to watch any new movies, listen to any new music, play any new games, or use any new software.

Not all authors will switch to DRM (3, Informative)

yerricde (125198) | more than 11 years ago | (#5740566)

> Optional as in you won't need it if you don't want to [use any new copyrighted works]

You assume that all authors would switch over to a digital restrictions management system. This may be true of the studios in the Motion Picture Association of America, but there remains a thriving community built around limited free sharing of copyrighted works, especially computer programs [opensource.org].

And if you claim that free software won't be allowed to boot on future computers, I don't find that substantiated. What I've read of the Palladium specification states that Palladium comes into play only when the system is booted with Palladium support turned on in the BIOS, and only for those processes that import palladium.dll. From Microsoft's marketing material [microsoft.com]: "A 'Palladium'-enhanced computer must continue to run any existing applications and device drivers." And the TCPA TPM FAQ (pdf [trustedcomputing.org]) states that "The trust model the TCPA promotes for the PC is: the owner runs whatever OS or applications they want".

The bit I like (5, Insightful)

boy_of_the_hash (622182) | more than 11 years ago | (#5740260)

> NGSCB also requires secure channels between a keyboard and main memory and between a display interface and a graphics chip and its frame buffer.

Which means it will only work on approved hardware - guess who profits from approving the hardware and drivers? Why would I need a secure framebuffer exactly when I'm already in full control of the code executed on my machine?

Approved hardware (4, Insightful)

overshoot (39700) | more than 11 years ago | (#5740423)

> Why would I need a secure framebuffer exactly when I'm already in full control of the code executed on my machine?

You missed Part Two: you can't get your hardware approved if you don't agree to keep the operational specs under lock & key. So, in order to sell display devices to the monopoly market, they have to be Microsoft-only display devices. Et cetera.

Unfortunately... (5, Interesting)

Toasty16 (586358) | more than 11 years ago | (#5740266)

...No one can be told what encsub is...because they're all under NDAs.

Seriously though, read the following:

"The right way to look at this is you are putting a virtual set-top box inside your PC. You are essentially renting out part of your PC to people you may not trust..."

Aren't people who download Kazaa already doing that, since Brilliant Digital's spyware is installed with the program and can use the computer's CPU cycles and hard drive space without warning? It seems that unless there is a big enough hoopla made about Palladium, unsuspecting customers will have no idea of "Trusted Computing"'s true effects and limitations on usage. Just ask a non computer geek Kazaa user if they're concerned that Brilliant Digital has so much control over their computer, and if they give you a response other than a blank stare accompanied with a "wha?" I'll give you a Gummy bear (It's warm from being in my pocket).

info on dr. Diffie e.g. karma whoring at its best (2, Informative)

thanasakis (225405) | more than 11 years ago | (#5740269)

Whitfield Diffie, who holds the position of Distinguished Engineer at Sun Microsystems Laboratories is best known for his 1975 discovery of the concept of public key cryptography, for which he was awarded a Doctorate in Technical Sciences (Honoris Causa) by the Swiss Federal Institute of Technology in 1992.

For a dozen years prior to assuming his present position in 1991, Diffie was Manager of Secure Systems Research for Northern Telecom, functioning as the center of expertise in advanced security technologies throughout the corporation. Among his achievements in this position was the design of the key management architecture for NT's PDSO security system for X.25 packet networks.

Diffie received a Bachelor of Science degree in mathematics from the Massachusetts Institute of Technology in 1965. Prior to becoming interested in cryptography, he worked on the development of the Mathlab symbolic manipulation system --- sponsored jointly at Mitre and the MIT Artificial Intelligence Laboratory --- and later on proof of correctness of computer programs at Stanford University.

Since 1993, Diffie has worked largely in public policy, in the area of cryptography. He has testified twice to the House and twice to the Senate. His position --- in opposition to limitations on the business and personal use of cryptography --- has been the subject of articles in the New York Times Magazine, Wired, Omini, and Discover. The subject has also been covered on the Discovery Channel, Equinox TV in Britain, and the Japanese TV network NHK.

Notoriety has provoked a number of awards, including: IEEE Information Theory Society Best Paper Award for 1979, IEEE Donald E. Fink award for 1981, the 1994 Pioneer Award, given by The Electronic Frontiers Foundation for contribution to the quality of life in cyberspace, the 1996 National Computer Systems Security Award given jointly by NIST and NSA, the 1997 Louis E. Levy Medal from the Franklin Institute in Philadelphia, the First ACM Paris Kanellakis Award for contribution to theory and practice in computer science, the IEEE Information Society Golden Jubilee Award for invention of the Diffie-Hellman key exchange protocol.

It's about who "owns" your ID (5, Insightful)

feepcreature (623518) | more than 11 years ago | (#5740275)

A central objection from Diffie & Rivest seems to be that under Palladium, Microsoft will own and control your ID - or at least what can interact securely with "your" secure Palladium device.

To understand why this is not a good thing, imagine if a commercial company had the monopoly of passport and driving license production, and were able to prevent you from using the ID they issued to verify who you were except in "microsoft approved" shops and venues (or countries).

IDs and trust systems should be standards based, not proprietary. They should be secure, and openly peer-reviewed or audited. And the ID should be under the control of the person being identified (or at least issued by a "neutral" government body, as passports are now).

But I've just started thinking about this... so I might change my mind some more. Would that make me a bad slashdotter?

Re:It's about who "owns" your ID (1)

seichert (8292) | more than 11 years ago | (#5740456)

> IDs and trust systems should be standards based, not proprietary. They should be secure, and openly peer-reviewed or audited. And the ID should be under the control of the person being identified (or at least issued by a "neutral" government body, as passports are now).

People should be able to freely choose which ID systems to sign up for. If they want an ID issued by a government agency, fine. If they want an ID issued by a private corporation or individual, fine. Others can decide whether or not to recognize the ID as valid and/or useful.

In regards to passports being from a neutral government body, there is no such thing. If the government has a problem with you they can deny you a passport. As an example take a look at the bottom of the list [state.gov] of requirements for a U.S. passport. You see that if you fail to provide your Social Security Number the IRS may impose a $500 penalty on you. Government issued and mandated passports are an infringement on your freedom to travel. [cryptome.org]

Re:It's about who "owns" your ID (2, Interesting)

JohnnyCannuk (19863) | more than 11 years ago | (#5740582)

Sounds like Liberty Alliance.....

what is the fault? (4, Insightful)

shird (566377) | more than 11 years ago | (#5740278)

From the title, you would think there is some technical flaw in palladium, but the article just goes on about some thing about not having control of your PC etc...

I'm not saying there isn't a technical flaw, just /. spreads propaganda through misleading comments.

Re:what is the fault? (1)

p3d0 (42270) | more than 11 years ago | (#5740347)

The headline doesn't say they found a fault. To "find fault" in something just means to be critical of it.

Re:what is the fault? (1)

shird (566377) | more than 11 years ago | (#5740440)

yeah fair enough. It's too early in the morning and I just read it without putting enough thought into it. I guess it was just posted as headline news, even though they just talked about a few observations that everyone was already aware of.

Re:what is the fault? (4, Insightful)

Slowping (63788) | more than 11 years ago | (#5740390)

From the title, you would think there is some technical flaw in palladium, but the article just goes on about some thing about not having control of your PC etc...

I'd say that the owner not having control of their own keys is a major technical flaw of "trusted computing".

Re:what is the fault? (0)

Anonymous Coward | more than 11 years ago | (#5740463)


In Soviet Russia, propaganda misleads YOU!

Wait, no, that doesn't work...

DIGEST (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5740281)

  • [Insert 100 comments from people who did not read the article, just kind of talking about Palladium and their views on it because this is a Palladium article so it will seem ontopic]
  • [Insert indeterminate amount of crapflooding which either goes down to -1 or goes down to 0 but is skimmed past unnoticed by everyone]
  • [Insert 60 comments from people who read the article, but then simply used the article as a springboard to talk about already-worn arguments related to Palladium, I.E. responding to some specific element of the article but responding such as to simply bring up the same already-discussed-on-slashdot points covered by the first 100 comments.]
  • [Insert 100 posts responding to the previous notable 160 posts which simply give the same counterarguments that were used the last time the points from those 160 points were used on slashdot-- in the last slashdot palladium article.]
  • [Insert 20 posts explaining that misconceptions in previous 260 posts are misconceptions]
  • [Insert 30 posts that miss the point entirely]
  • [Insert 23 posts that respond to something someone said in a generally non-insightful but fairly humorous manner, which are then moderated as "funny"]
  • [Insert 2 posts by people who actually read the article and want to discuss the article, and/or what new points or fresh perspective the article offers]
  • [Insert 6 posts responding to the previous 2]
( Read More... | 339 of 412 comments | Your Rights Online )

In Soviet Russia... (2, Funny)

Glock27 (446276) | more than 11 years ago | (#5740290)

your computer watches you.

Palladium simply brings this 'innovation' (in the grand tradition of Microsoft 'innovation') to the U.S.

Great.

Surprised MS isn't crying "conflict of interest" (5, Insightful)

pete_wilson (637423) | more than 11 years ago | (#5740293)

I'm surprised that Microsoft isn't trying to cloud the issue by talking about the associations of the persons who gave the talk.

Whitfield Diffie is an engineer at Sun Microsystems, one of the only corporations that can be considered a Microsoft competitor. Ron Rivest is a professor as his day job, but gets quite a bit of cash from RSA, and Microsoft isn't using any of the code that RSA provides (BSAFE, etc) in Palladium, so that's a big chunk of change that won't be coming his way.

We here on slashdot may realize that Rivest and Diffie are actually quite excellent individuals in their field, but these kinds of conflicts of interest are frequently what will be pulled out to counter an argument, rather than working from the facts themselves.

Small kernel (0)

Anonymous Coward | more than 11 years ago | (#5740294)

In Microsoft's NGSCB approach, users would have to consciously evoke a secure operating mode that would be turned off by default. New instructions in the CPU as well as changes in the memory controller would help carve out a protected space in main memory to load a small, secure operating system kernel.

RAM required: 4 GB minimum (16 GB recommended)
Kernel Features: DVD player, Internet Explorer, Age of Empires 3 preview, Outlook, and Windows Movie Maker

Misleading headline (4, Insightful)

BlueFall (141123) | more than 11 years ago | (#5740301)

The headline of this story is misleading. Some people disagree philosophically with Palladium's goals, not its technical merits. It just happens that these people are famous cryptographers. At the moment, the technical details seem sparse, so we'll just have to wait until they are released (if ever) to see if the goals that are mentioned are actually met.

Re:Misleading headline (3, Insightful)

wytcld (179112) | more than 11 years ago | (#5740399)

Some people disagree philosophically with Palladium's goals, not its technical merits.

How do you separate these two? Having a car you don't hold the key to, but instead have to call some central bureau on your cellphone to unlock wouldn't just be a philosophical problem, but a technical one. It would totally suck technically if your cellphone wouldn't work, for instance - and this vulnerability would be technically more likely than if you carried your own key - a higher rate of failure at car starting. Now philosophically, you may be against always reporting to a central bureau when you'd like to start your car; but technically the scheme still sucks. Same if it's a key to your computer.

Re:Misleading headline (1)

Planesdragon (210349) | more than 11 years ago | (#5740458)

How do you separate these two? Having a car you don't hold the key to, but instead have to call some central bureau on your cellphone to unlock wouldn't just be a philosophical problem, but a technical one.

No. How you drive your car if your cellphone dies is a technical problem--which, oddly enough, could be "solved" by sufficient network redundancy.

"Technically" the system has no problems if it works as advertised. The problems the cryptographers have are "philosophical" or "marketing", not "technical."

If the problems were technical, they'd be pointing out ways that they could easily crack Palladium or somesuch, not just saying "I don't like this."

Heck... (1)

pergamon (4359) | more than 11 years ago | (#5740351)

I can think of plenty of CONSUMERS that find fault with this...

this just won't fly.... (2, Insightful)

smd4985 (203677) | more than 11 years ago | (#5740352)


if foreign governments are having misgivings about using Windows because it is closed source, they surely won't accept Palladium if MS has undue influence and control over the architecture.

Re:this just won't fly.... (1)

overshoot (39700) | more than 11 years ago | (#5740446)

Who cares what they'll accept? If they don't like it, they can build their own computers and pay five times as much for them. About time they remembered their place in the world.

Not A Crypto Fault (5, Informative)

rsmith-mac (639075) | more than 11 years ago | (#5740360)

Just as a note, contrary to what most people's initial reaction is, the article does not talk about any cryptographic flaw in the system. Diffie is arguing the merits (or lack thereof) of a system that the user doesn't hold the key to; Palladium itself hasn't been proven insecure (yet).

Not owning your computer eh? (5, Insightful)

scourfish (573542) | more than 11 years ago | (#5740361)

It's not much of a change from now: you don't own your copies of windows nor do you own your XBOX

Re:Not owning your computer eh? (0)

Anonymous Coward | more than 11 years ago | (#5740454)

...you don't own your copies of windows...

Yeah, I also don't own VS5, VS6, or VS.Net, or SQL2K, Project/Visio 2k2, Office XP, etc., that I have. I've never paid for any of the Microsoft Software I have copies of.

..nor do you own your XBOX...

and I don't own an X-Box either; never have, never will.

Shit, you hit the nail right on the head with that one!

debates? opposition? (3, Insightful)

Anonymous Coward | more than 11 years ago | (#5740375)

"We need to understand the full implications of this architecture. This stuff may slip quietly on to people's desktops, but I suspect it will be more a case of a lot of debate," he added.

Rivest said some experts have discussed setting up a forum in technical society for such a debate, but he was unaware of any current moves to do that. Likewise Diffie said he was not aware of any specific alternative to NGSCB in the works at Sun.

I hate to take this stance, but the above says it all. Just like the vast majority of /. that would rather post than write to their representatives, Palladium will simply be buzzworded and adopted by the masses. Regardless of how the technical community kicks and whines, the forces of market domination will likely persevere.

Hmmm... (2, Funny)

Cyno01 (573917) | more than 11 years ago | (#5740400)

Microsoft's Next-Generation Secure Computing Base (formerly Palladium)
That's a little lengthy methinks, can't we just come up with some freaky little symbol to stand for "The Secure Computing Initiative Formerly Known as Palladium"?

Listen folks (3, Funny)

TerryAtWork (598364) | more than 11 years ago | (#5740406)

Computers have been turned against their owners for quite some time now.

Why do you think all the latest M$ software from Bill says 'My Computer' ?

OT: another oddly matched ad... (1)

jx100 (453615) | more than 11 years ago | (#5740410)

Didn't know Microsoft sold shoes... [zappos.com]

"No." (1)

xtal (49134) | more than 11 years ago | (#5740425)

We need this why again? I love how there's this crisis that requires microsoft to have access to my computer's execution. What's so wrong with the current model of computing that requires something to literally shake it to its core? Why can I not be trusted with the keys to my own computer?

"No."

No, I'm not going to buy a Palladium computer. Vote with your wallets on this one, and it'll sink into the historical curiosities bin with Divx. Apple, hopefully, will have nothing to do with this, but if they get sucked in, then I can guess there's going to be one hell of a demand for pre-palladium computing devices. Joe consumer isn't as stupid as he/she appears, sometimes. I don't see any win here for me, and I see big wins for Wintel. Uh-uh.

"No."

Or does that make me a terrorist?

GOOD! (1)

pair-a-noyd (594371) | more than 11 years ago | (#5740432)

I'm glad to hear this!!
Let's trash it before it starts!
Palladium should be exploited six ways to Sunday and every exploit found should be spam mailed to everyone on planet earth! Just as should DeCSS code.
Let's cut this draconian 1984 crap off at the root.

Just Say No (0)

Anonymous Coward | more than 11 years ago | (#5740443)

Does the Palladium movement recognize how many millions of existing computers there are now that won't work with the new technology? We're not about to chunk these out the window. As time goes by, these "old computers" become hand-me downs to friends, family members, and the have-nots.

Surely, no vendor is going to shut out this sector of old technology. So what's inevitable is that you will end up with a complicated system that's backwards compatible to a simpler one, thus obviating the need for it in the first place!

In a few years, Microsoft will tighten the thumbscrews by dropping support for its current flagship O.S's (XP,2K...) Perhaps then, Linux and Lindows will have its day of reign (if not sooner)

Here's another flaw (0)

Anonymous Coward | more than 11 years ago | (#5740473)

First, before I point it out, I must say that I merely re-iterate what someone else posted on another thread.

Exploiting a buffer overflow in the XBOX game save-up routine resulted in complete control of the machine, even while running trusted code. MS will have a hard time patching all of their bugs before proclaiming that palladium effectively is secure.

-Marton

Matrix 2? (0)

Anonymous Coward | more than 11 years ago | (#5740477)

Now I know a lot of you would say "I'm nobody's bitch!"..BUT, if things got ugly and the computers ended up turning the table and became our master overlords.

I wonder how many of you would crumble, swallow your pride, and be the first little network slut monkey in line.. {mouse cord just SWINGING}

Yea .. you know you'd sell out.. ;)

Does microsoft arrogance know any bounds? (2, Interesting)

d3am0n (664505) | more than 11 years ago | (#5740506)

The fact is, there has never been enough damage to home computer systems to warrant any sort of cryptographic systems such as that which microsoft is describing. How many people could say that because of some random person on the net or in a chat room they lost all of their data? The worst offenders in these regards are COMPANIES, spy-ware, ad-ware, crappy patches that break the system, and yes, even DRM schemes are the cause of most of our headaches. So microsoft's proposed solution is to say that they as the worst offenders of crapping out our systems are the only ones who should hold the keys to fix it? Microsoft who gets into bed with the RIAA by extolling the virtues of how great the copy protection systems of windows is, they expect us to trust that they won't lock us out first chance they get? Microsoft who has their windows media player try to "phone home" through OUR lines without paying us for it, sending our personal data...we should trust these people with their "trusted computing" ??? This is madness, if MS tries to implement this, I'm going 100% linux because I'll have no choice, if pentium and amd refuse to offer a chip which is not palladium or a similar system compatible, then I will refuse to upgrade for as long as humanly possible, or I'll attempt to get a hold of another type of chip. I don't know if the rest of slashdot has cottoned on, and for those of you that post in the RIAA and in Microsoft's defense, this is war you know, there are no guns, and there are no bullets, but they're attacking our minds, they are going to chain us up and throw away the key, we see example after example after example. I can't believe how lightly this is going over, think 50 years down the road of us laying down and taking this...where will we be? Are they going to start bar-coding us and deducting 50 dollars directly from our pay cheque because of our alleged piracy?
You say "no, that's being stupid" well considering what they've done already, and what's in the works that we know about, can you really say that it is all that dumb? These are scary times, and we need to fully wake up and realize exactly what sorts of things are happening around us.

The main thing... (1)

netdemonboberb (314045) | more than 11 years ago | (#5740583)

The main thing is that this can't be something spearheaded by Microsoft but needs to be an open standard everyone has input into. I felt like puking when I heard Microsoft wants to license this. It will shut out Linux.