The Doomsday Chip

Oct 24, 2013 17:19


Note - I give anyone and everyone my express permission to mirror or otherwise repost this article, anywhere in the world and for all time.

Dedication - To two wonderful friends I have abroad, each of whom has helped me greatly in his and her own way.  My best wishes to both of you -- and keep safe!

Introduction

Back in the 1950's, the Egyptian ( Read more... )

strategic, legal, espionage, political, tpm, america, computer security, constitutional, military, internet, computers


A Doomsday Chip? Not exactly inverarity October 26 2013, 15:29:30 UTC
This is just Clipper Chip hysteria redux.

TPM is not remotely new. It's the latest round of "trusted computing" and it's been around for well over 10 years. Here's a very critical article from 2003, and you'll note that most of Ross Anderson's fears remain hypothetical (as do most of the deployments of TPM proposed in that article.)

Bruce Schneier, whose name I assume you are familiar with (and if you're not, you really haven't done much reading in this area you are wading into), has written about TPM for years. Trusted Computing Best Practices (2005), Microsoft's BitLocker (2006), TPM to End Piracy (2008). (The last link has links to even earlier articles ( ... )


Re: A Doomsday Chip? Not exactly inverarity October 26 2013, 15:30:38 UTC
tl;dr: no, the TPM does not create a "master key" that some nefarious individual could somehow acquire and thence take over every computer in the world running a TPM ( ... )


Re: A Doomsday Chip? Not exactly jordan179 October 27 2013, 04:56:17 UTC
no, the TPM does not create a "master key" that some nefarious individual could somehow acquire and thence take over every computer in the world running a TPM.

Actually, half the key is centrally-created and then spawned through random variation. The other half is your personal password. The thing is that if you crack the logic of the TPM chip itself -- any TPM chip -- you have a huge leg up on cracking any TPM password, because you can "deduce" (actually calculate using your own encryption equipment) the fundamental logic by which the firmware part of the key is generated. If you actually have the manufacturing records, you would have all the firmware keys and would then only need the private component to the passwords ( ... )


Re: A Doomsday Chip? Not exactly jordan179 October 27 2013, 05:04:25 UTC
Lastly, I'm kind of surprised that someone who mistrusts the "Mainstream Media" as much as you do takes everything negative reported about the NSA at face value.

This hasn't BEEN reported in the MSM, and I know for sure that it is being censored on a lot of the Internet (particularly those parts run by companies with investments in TPM) as well. (If certain people would like to publicize their relevant experiences here, I'd appreciate it, but I won't talk about it myself).

And no, I mostly like, respect and admire the NSA. It's just that this technology offers such potential for abuse that I wouldn't feel safe unless the Lensman of E. E. "Doc" Smith's Galactic Patrol were running it.

There are many, many watchers watching the watchmen.

Right now, the ultimate "watcher" (the President of the United States of America) is demonstrably an arrogant and corrupt man who acts out of a deep disrespect for the US Constitution. But since one cannot guarantee that any particular President will be competent or lawful (though admittedly, ( ... )


Re: A Doomsday Chip? Not exactly inverarity October 27 2013, 14:35:18 UTC
Okay, first of all, quantum computing doesn't work that way - it's not a magical technology that allows brute-forcing currently unbreakable encryption keys. It is possible that some evolution in quantum computing will come along to allow that, but if that happens, TPM will be the least of our worries.

The TPM is a potential vulnerability, but you seem to have missed my point that it's no different from any other potential vulnerability that arises from a large number of machines having the same chips and/or software running on them (e.g., Windows). And that this is not some new thing that was cooked up in 2011 to suddenly be thrust upon the entire world, as your article implies; the technology has been around, and in use, for over ten years.

Polygraphy: Yes, it detects stress. Or other biological reactions. Its accuracy rate is very low. Have you ever seen the episode of The Wire (also seen in Homicide) where the cops get a kid to confess to a crime by convincing him that a photocopier is a lie detector? That's about what a real ( ... )


The "New Thing" jordan179 October 27 2013, 15:16:33 UTC
Okay, first of all, quantum computing doesn't work that way - it's not a magical technology that allows brute-forcing currently unbreakable encryption keys.

It's not "magical", but it does "allow brute-forcing" previously "unbreakable encryption keys." The reason why is that it acts as a multiplier to processing power of a system's capability. (The trade-off is that the system becomes more delicate, as it can crash by prematurely collapsing its state).

This of course does not make the system infinitely capable. But it does allow the system to do things a conventional system could not. When quantum computing was developed, a whole bunch of cryptographic systems which had previously been deemed mathematically "unbreakable" became "breakable."

One time pads are still unbreakable, but that's a system unavailable for the purposes of most users, and completely unavailable to TPM-based systems because they need to be able to access each other remotely and unpredictably in order to perform their distributed security function ( ... )


Re: The "New Thing" jordan179 October 27 2013, 16:36:33 UTC
As for the NSA breaking rules because the President tells them to: no doubt every government agency has people who will "just follow orders," but if the President started ordering the entire Intelligence Community to ignore the Constitution, you would hear about it. Your scenario is akin to "What if the President ordered the National Guard to start mowing down protesters demonstrating against him?"

The difference is that massacring protesters must be done overtly, while selected and targeted copying, deletion or editing of dissidents' files could be done covertly. This makes such cyber-strikes much more attractive and deniable to an overweening President.

Moreover, my point was not that the NSA doesn't need to be watched and even feared, but that particularly all the non-U.S. citizens throwing conniptions because their metadata might have been collected in a database somewhere (and I wish people would actually familiarize themselves with what "metadata" means - it does not mean "the NSA is reading your email") seem completely ( ... )


Quantum Computing and Evil Presidents inverarity October 27 2013, 19:17:55 UTC
When quantum computing was developed, a whole bunch of cryptographic systems which had previously been deemed mathematically "unbreakable" became "breakable."

Er, no, it became theoretically possible to break them in a much shorter period of time using quantum parallelism. Quantum computers would effectively represent a quantum (heh) leap in processing power. Now, it's been a while since I was current in that particular area, but to my knowledge, a practical quantum computer that can break modern encryption has yet to be developed and most experts are skeptical that we are ever going to see an end to modern encryption as some of the more fanciful claims about the capabilities of quantum computing have predicted ( ... )


Re: Quantum Computing and Evil Presidents irked_indeed October 28 2013, 18:27:40 UTC
I'm not sure that you two are really disagreeing except insofar as how many qubits are currently possible in quantum computing.

(For those who are maybe a little less familiar with quantum computing: So, one of the big ways that modern security - RSA, let's say - works is by relying on certain properties of very large prime numbers. It turns out to be very time-consuming to factor a product of two extremely large primes; without doing this factoring, it is difficult/impossible to break the relevant encryptions.

With a sufficiently large quantum computer, though, it's possible to check all possible factorings simultaneously. Don't think of this as the computer being just "faster," or even "orders of magnitude faster": think of this as taking something that formerly took anywhere from a second to a few thousand years and making it always take a flat few seconds ( ... )


Re: Quantum Computing and Evil Presidents jordan179 October 28 2013, 21:28:30 UTC
With a sufficiently large quantum computer, though, it's possible to check all possible factorings simultaneously. Don't think of this as the computer being just "faster," or even "orders of magnitude faster": think of this as taking something that formerly took anywhere from a second to a few thousand years and making it always take a flat few seconds.

Well yeah -- that's what I meant by "orders of magnitude faster." An order of magnitude is a factor of 10 -- if something would normally take a millennium and now takes a second, it is roughly 10 orders of magnitude faster, as a millennium is some 30 trillion seconds long.

I think the limitation on quantum computing is resolution of the results -- you have to arrange the circuit very delicately to avoid premature collapse of the wave function and past a certain point of complexity your detection equipment wouldn't be able to figure out what the wave was doing fast enough to be of any use. Wouldn't the ultimate limit on performance here be the Heisenberg one itself, such that ( ... )


Re: Quantum Computing and Evil Presidents irked_indeed October 31 2013, 15:54:12 UTC
An order of magnitude is a factor of 10 -- if something would normally take a millennium and now takes a second, it is roughly 10 orders of magnitude faster, as a millennium is some 30 trillion seconds long.

Right, but it's not so much about the fact that the time is different as it is that the growth of the time is different - we move from time that's super-polynomial on the length of the product to time that's something like linear on the length of the product. That's a bigger deal, from an algorithmic point of view, than even a very large constant-factor speed-up.

Wouldn't the ultimate limit on performance here be the Heisenberg one itself, such that sufficiently complex problems would require absurdly large quantum computers?

*shrugs* Really depends on how far you're willing to push "ultimate," I guess. Quantum computing at a reasonable scale - let's say the storage capabilities of the traditional computers of a few decades ago - would smash anything remotely like current RSA, I think.


Re: Quantum Computing and Evil Presidents jordan179 October 28 2013, 21:36:07 UTC
But my point is that you seem to think that an Evil President can simply order any government agency to do whatever he likes. For someone prone to lecturing on how the Constitution works, I find this a strangely uninformed position for you to take.

Oh, it's not that everyone at the NSA (or CIA, or FBI, or whatever alphabet-soup agency is under discussion) is utterly ruthless and disloyal to the Constitution. It's that all the President (who remember, as the ultimate boss of all these agencies has a lot with which to offer or threaten the ambitious or weak-willed) needs to do is find a few corruptible minions to do his bidding and oppress his personal enemies.

Remember, by the nature of things an intelligence agency such as the NSA works under compartmentalized security (exactly what the TPM chip lacks). So if (say) Project Nineveh and Tyre, composed of three guys whose job it is (for argument's sake) to frame dissidents for child pornography and tax evasion, is massively violating the Constitution, there's no reason why other ( ... )
