Archive for the ‘Crypto’ Category

Debate on Cost Analysis of Windows Vista Content Protection

Friday, January 26th, 2007

Well, I’m using the term “debate” loosely here because it seems to me, given the marshalled evidence, there isn’t much of a debate to be had, but in any case, Microsoft has responded to Peter Gutmann‘s cost analysis of the DRM subsystems in Windows Vista (of which I’d written about earlier), and also in system hardware that has anything to do with handling of so-called “premium content” (i.e. content encoded onto newly emerging HD-DVD and Blu-Ray discs). Their reply is here..

Windows Vista Content Protection – Twenty Questions (and Answers)
http://windowsvistablog.com/blogs/windowsvista/archive
/2007/01/20/windows-vista-content-protection-
twenty-questions-and-answers.aspx

Peter Gutmann’s rebuttal to Microsoft’s response is here..

Microsoft’s Response
http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.html#response

..which is an appendix of his overall “Cost Analysis of Windows Vista Content Protection” paper.

If you are at all curious as to the veracity and logic of Microsoft’s response, it is worth reading Peter Gutmann’s response in detail.

A Cost Analysis of Windows Vista Content Protection

Thursday, December 21st, 2006

Peter Gutmann has just published a fairly detailed examination of Windows Vista Content Protection. It is highly recommended reading in that it has non-trivial implications for essentially all personal computer users of any stripe…

A Cost Analysis of Windows Vista Content Protection
http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.txt

Note that this analysis dovetails with Bruce Schneier‘s overall “DRM is futile” piece from 2001…

The Futility of Digital Copy Prevention
http://www.schneier.com/crypto-gram-0105.html#3

And also it has been coming for a while. Here’s a Microsoft doc from early 2005 that goes into fair detail describing the DRM-driven system workings that Peter analyzes…

Output Content Protection and Windows Vista
Updated: April 27, 2005
http://www.microsoft.com/whdc/device/stream/output_protect.mspx

..although interestingly enough, technorati lists only 13 references to it in their view of the blogosphere. Perhaps this upcoming train wreck isn’t all that widely perceived.

To me, Microsoft’s introduction of this level of bizzare complexity into the hardware and software platform, simply tends to reinforce the refrain of one of my colleagues: “I ain’t going anywhere near Vista.”

Seems like I’ll have to sooner or later get around to experimenting with bringing up Ubuntu and/or CENT/OS and evaluating what it’ll take to migrate my environment over to one of them. Oh, yeah, and get my hardware upgraded sooner rather than later here so that it hopefully won’t have this foolishness in it. I wonder how long into the future XP will be supported?

[update 25-Dec-2006]

Peter has updated his analysis paper to provide pointers to publicly available sources.

Geek Alert: Start-up generates random numbers from space

Thursday, December 14th, 2006

Ok, so if yer hip to cryptography at least some, then you know that to do truly strong crypto, one needs a source of very random numbers. This is not all that easy, it turns out. If you’re unaware of this little subtle-but-way-important detail, check out Ross Anderson‘s book Security Engineering and Bruce Schneier‘s Applied Cryptography.

Anyway, so these creative geeks are apparently going for outer-space-based events as sources of noise from which to generate their randomness. The article from zdnet UK (originally) is here..

Start-up generates random numbers from space

Note that the article has pointers to various other orgs providing ostensibly random numbers over the Internet.

A nod of acknowledgment to Dan Geer, who’s post to the Cryptography@ list was the source for this post.