70 lines
3.0 KiB
Plaintext
70 lines
3.0 KiB
Plaintext
From ygingras@ygingras.net Wed Sep 4 18:58:57 2002
|
|
Return-Path: <ygingras@ygingras.net>
|
|
Delivered-To: yyyy@localhost.spamassassin.taint.org
|
|
Received: from localhost (jalapeno [127.0.0.1])
|
|
by jmason.org (Postfix) with ESMTP id BC18716F21
|
|
for <jm@localhost>; Wed, 4 Sep 2002 18:58:47 +0100 (IST)
|
|
Received: from jalapeno [127.0.0.1]
|
|
by localhost with IMAP (fetchmail-5.9.0)
|
|
for jm@localhost (single-drop); Wed, 04 Sep 2002 18:58:47 +0100 (IST)
|
|
Received: from outgoing.securityfocus.com (outgoing2.securityfocus.com
|
|
[66.38.151.26]) by dogma.slashnull.org (8.11.6/8.11.6) with ESMTP id
|
|
g84HEjZ12085 for <jm@jmason.org>; Wed, 4 Sep 2002 18:14:46 +0100
|
|
Received: from lists.securityfocus.com (lists.securityfocus.com
|
|
[66.38.151.19]) by outgoing.securityfocus.com (Postfix) with QMQP id
|
|
5AE888F334; Wed, 4 Sep 2002 10:00:16 -0600 (MDT)
|
|
Mailing-List: contact secprog-help@securityfocus.com; run by ezmlm
|
|
Precedence: bulk
|
|
List-Id: <secprog.list-id.securityfocus.com>
|
|
List-Post: <mailto:secprog@securityfocus.com>
|
|
List-Help: <mailto:secprog-help@securityfocus.com>
|
|
List-Unsubscribe: <mailto:secprog-unsubscribe@securityfocus.com>
|
|
List-Subscribe: <mailto:secprog-subscribe@securityfocus.com>
|
|
Delivered-To: mailing list secprog@securityfocus.com
|
|
Delivered-To: moderator for secprog@securityfocus.com
|
|
Received: (qmail 11511 invoked from network); 4 Sep 2002 00:48:18 -0000
|
|
Content-Type: text/plain; charset="iso-8859-1"
|
|
From: Yannick Gingras <ygingras@ygingras.net>
|
|
To: secprog@securityfocus.com
|
|
Subject: Re: Secure Sofware Key
|
|
Date: Tue, 3 Sep 2002 21:03:40 -0400
|
|
User-Agent: KMail/1.4.2
|
|
References: <20020829204345.91D1833986@LINPDC.eclipsys.qc.ca>
|
|
<20020903192326.C9DA533986@LINPDC.eclipsys.qc.ca>
|
|
<15733.15859.462448.155446@cerise.nosuchdomain.co.uk>
|
|
In-Reply-To: <15733.15859.462448.155446@cerise.nosuchdomain.co.uk>
|
|
MIME-Version: 1.0
|
|
Content-Transfer-Encoding: 8bit
|
|
Message-Id: <200209032103.44905.ygingras@ygingras.net>
|
|
|
|
> > Is the use of "trusted hardware" really worth it ?
|
|
>
|
|
> Answering that requires fairly complete knowledge of the business
|
|
> model. But, in all probability: no, it isn't usually worth it. So, it
|
|
> comes down to how difficult you want to make the cracker's job.
|
|
>
|
|
> > Look at the DVDs.
|
|
>
|
|
> IIRC, CSS was cracked by reverse-engineering a software player; and
|
|
> one where the developers forgot to encrypt the decryption key at that.
|
|
|
|
This make me wonder about the relative protection of smart cards. They have
|
|
an internal procession unit around 4MHz. Can we consider them as trusted
|
|
hardware ? The ability to ship smart cards periodicaly uppon cashing of a
|
|
monthly subscription fee would not raise too much the cost of "renting" the
|
|
system. Smart card do their own self encryption. Can they be used to
|
|
decrypt data needed by the system ? The input of the system could me mangled
|
|
and the would keep a reference of how long it was in service.
|
|
|
|
This sounds really feasible but I may be totaly wrong. I may also be wrong
|
|
about the safety of a smart card.
|
|
|
|
What do you think ?
|
|
|
|
--
|
|
Yannick Gingras
|
|
Coder for OBB : Oceangoing Bared Bonanza
|
|
http://OpenBeatBox.org
|
|
|
|
|