IBM Hardwires Encryption Into Chips
zenwarrior writes "Reported by CNET, a new chip technology termed Secure Blue by IBM will keep users' data encrypted and secured at virtually every moment on essentially anything in which the chip can be used. Data is even encrypted in RAM, leaving display for users' viewing as almost the last place it isn't encrypted. This has to be considered decidedly anti-Homeland Defense by the current administration. If so, when will we see it if ever?"
Clipper Chip??? (Score:5, Insightful)
Re:Clipper Chip??? (Score:2)
The poster made the political comment with absolutely no backing at all. I wouldn't be surprised if IBM was not allowed to export this to Iran, but again, nothing new. And you don't have much justification that Clinton would have tried to do anything.
Re:Clipper Chip??? (Score:3, Informative)
Re:Clipper Chip??? (Score:2)
Re:Clipper Chip??? (Score:3, Interesting)
The fact that the entire system is encrypted, with the exception of the output device and in-CPU communication, means electronic wiretapping can be made impracticable. Yes the crypto can be broken, but if the crypto holds up for either the statute of limitations &&|| the perp's lifetime then you might as well not have wiretapped at all.
Yes you can still get at the output device, but if that device is a digital earphone (or better yet a bone conduction transducer) that decrypts
Re:Clipper Chip??? (Score:2)
Re:Clipper Chip??? (Score:3, Insightful)
I know partisans want to do nothing but win elections, get the bribes and power. But we need politicians who can also run the country. And people who can communicate with them to ensure they represent us.
When Democrats have some power, even when balanced by a Republican other branch, the only bad
Re:Clipper Chip??? (Score:2)
Re:Clipper Chip??? (Score:2)
So I will slap your obfuscation, talking around, and other insistence we talk about the dead past right out of your hands.
The question is "will Bush stop IBM from supplying Americans with strong, easy encryption"?
It's not "can I think of something irrelevant to say about an administration from the past decade because it diverts attention from my favorite president".
Re:Clipper Chip??? (Score:2)
Re:Said (Score:3, Insightful)
Only if you don't know what Republicans are.
The Clinton administration was enthusiastically "Pro-Choice" and Anti-Second Amendment, quite the opposite of the Republicans. Clinton also passed a middle (and upper)-class tax hike. Once again, not very Republican of him.
LK
Re:Said (Score:2)
Re:Said (Score:2)
Aside from being proactive (although not very competently) in foreign policy and passing a tax c
Re:Said (Score:3, Insightful)
I think the OP's point was that GWB doesn't hold the patent on evil. This is something to be mindful of. The next guy, democrat or republican, could easily be just as evil. If you just assume "Hey, it's not Bush! Our problems have gone away!", well then you're in a we
Re:Said (Score:2)
I have to highly disagree with you on this fact. The SCOTUS needs to be as separate from the masses as possible, I think if they were voted in you would have segregation mandatory, abortion completely illegal, sodomy in the books as a felony, ten-commandments in every classroom and maybe be living in the Unit
Re:Said (Score:2)
Because in the US, calling someone liberal is actually an insult for some reason which I don't understand. The only options in an election are right wing, or more right wing. There's no party that's really middle of the road.
And while Dubya says he's a small c conservative, he's actually more left wing than any other president. Sure he cuts taxes and believes in prayer in school, but his administration is pr
Re:Said (Score:3, Insightful)
this kind of protectionism has nothing to do with being left or right. it has more to do with the opposing forces represented by populism (do things that appeal to the public. screw common sense) and pragmatism (do sensible things that
When will we see it, if ever? (Score:5, Insightful)
Re:When will we see it, if ever? (Score:5, Insightful)
Pretty cool (Score:5, Insightful)
Regardless, it is very interesting that they say this technology can be used on any chip and not just PowerPCs. Also, is the encrypted data tied to the chip or the system? How would this affect SMP systems, or virtual partitions?
Re:Pretty cool (Score:5, Funny)
Now let's lean back and see how long it takes for the Inquirer to pick this up...
Ah, yes. (Score:2)
Re:ROT52 (Score:2)
You have to remember - there's no technology-IQ test to get a Slashdot account or become a moderator. In Slashdot's defense, the odds (seem to be so far that there) will be some moderator who recognizes the subtle humor and moderates appropriately. To end users, the "right" answer will probably eventually appear.
Re:Pretty cool (Score:2)
Re:Pretty cool (Score:2, Interesting)
From TFA:
(emphasis added by me)
It would seem to me that the highlighted phrases above would set some sort of bound on how sophisticated this encryption can b
Re:Pretty cool (Score:2)
Re:Pretty cool (Score:4, Informative)
Re:Pretty cool (Score:2)
Re:Pretty cool (Score:4, Interesting)
Even if the Feds do pass a law requiring backdoors for devices, the law could be circumvented by doing the encryption in software. Not as convenient for the end-user perhaps, but millions of people around the world do that every day thanks to the various implementations of public-key (RSA) schemes.
Software trapdoors trump hardware backdoors.
Re:Pretty cool (Score:2)
In theory, if that backdoor included the possibility to spy on processes running then no software crypto would be safe. I would believe it could be built into the hypervisor layer of Vanderpool/Pacifica (Intel/AMD
Re:Pretty cool (Score:3, Informative)
not so much anymore. there might be some cases, but it's not a blanket policy anymore. the PGP case pretty much killed that
Re:Pretty cool (Score:2)
whatever....
I used to work in the router/switch industry. I have -some- clue about what I'm talking about.
cover your ears and eyes if you want, but the fact is, the US gov DOES want to be able to have its 'fingers on the bits' on-demand.
this isn't your father's america anymore. it really isn't.
DRM (Score:5, Insightful)
Re:DRM (Score:5, Insightful)
Hmmm, doesn't Apple use DRM in its iTunes music and in OS X?
Re:DRM (Score:2, Insightful)
Since when? (Score:4, Insightful)
I'm sorry, what? According to wide report, as of the new Intel macs, Apple is in fact using draconian hardware chips that prevent you from having control over your computer [masternewmedia.org], and is reportedly using these specifically to keep you from running OS X on unauthorized hardware. (Though, hilariously enough, that's according to wide report. There is no hard evidence I've seen one way or the other that these chips are or aren't even in the new macs to begin with! All reports of TPM in the Intel macs are based on sort of circumstantial evidence from reports of the developer betas of the Intel macs. Since the actual release of the Intel macs, everyone has gone silent on the subject, and Google doesn't turn up any attempts I can find to take apart the Intel macs and the kernel to see whether TPM is in there. Apparently though the slashdot and tech blogger crowd were angry and opposed to Palladium/TPM for three or five years nonstop since it was announced, they just fell silent once they saw how shiny the new iMacs are.)
You are of course correct that they aren't, of course, using these chips for iTunes or the iPod. Yet. But if the chips are in the machines, they could start using them for such purposes at any time. The iTunes DRM already subtly changes with each iTunes version (the jHymn backup utility still doesn't work with the iTunes 6.0 DRM).
Though all of my computers since I was six years old have been Apples, if it's true that Apple is using TPM in their machines now, it would seem I'm going to be using Linux from now on. I was rather annoyed at the prospect of having to suffer a hardware platform transition (again) to begin with, but I can at least understand the reasoning behind that. But I'm absolutely not willing to pay for a computer if there's this ticking TPM time bomb buried in it that means, if someday the OS vendor changes their mind, a single OS update could sweep through and my computer would no longer be mine.
New Macs do have TPMs (Score:3, Interesting)
Re:DRM (Score:4, Insightful)
Re:DRM (Score:2)
Re:DRM (Score:3, Funny)
Re:DRM (Score:5, Insightful)
They know damned well that until our brains can decode encrypted digital video and audio, they can't stop copying. It must be converted to analog before we can use it, and while they can hamper things, there's absolutely no way to stop microphones and camcorders. It's for the sole purpose of extracting as much profit from everyone as possible. The anti-piracy makes a decent cover, but in reality it's one of the largest anti-competitive schemes in recent history.
Or Sponsored by DHS? (Score:5, Insightful)
"This has to be considered decidedly anti-Homeland Defense by the current administration."
Unless they designed the backdoor to be inserted....
Re:Or Sponsored by DHS? (Score:2, Insightful)
that's good enough for me, anonetnfo.brinkster.net.nyud.net:8090 [anonetnfo....t.nyud.net] - it might be seen as an advert, but it wasn't intended to be
Re:Or Sponsored by DHS? (Score:2)
Re:Or Sponsored by DHS? (Score:2)
Re:Or Sponsored by DHS? (Score:5, Insightful)
Can you? If anything about the government-installed backdoor ever became public knowledge, IBM would be facing all kinds of lawsuits from anyone who ever bought that chip, would probably have to refund or replace every copy of the chip they ever sold, and it would be a long, long time before anyone would seriously consider buying a "secure" chip from IBM again.
I like a crypto-fascist conspiracy as much as the next guy, but wouldn't that be an awfully big marketing risk for IBM to take?
Re:Or Sponsored by DHS? (Score:2)
Besides, if the NSA declares this backdoor "classified" then very few reporters or leakers would be inclined to spill the beans, lest they be thrown in jail/stripped of their pensions/etc.
-Eric
Re:Or Sponsored by DHS? (Score:2)
Not really. Didn't you know that the U.S. government is a wholly owned subsidiary of IBM?
Re:Or Sponsored by DHS? (Score:4, Insightful)
They are certainly among the best in the field, and yes they did improve DES. However, that doesn't change the fact that many published encryption schemes like GOST (Russian), Rijndael (European, better known as AES) were developed outside the US. Very many cryptographers have taken a whack at both those and US algorithms, and they seem to hold. To think that the NSA has solvers for all of these and the rest of the world can't find solvers for any of them, is putting too much faith in the NSA. It seems quite obvious at this point that secure encryption does exist. Of course, there's always the chance the NSA has broken some of these algorithms, which they aren't very likely to talk about. But I strongly doubt they've cracked all of them. And as far as brute force goes, it wasn't too long since 40 bits was the limit, now 128-bit is everywhere. I strongly doubt their breaking capability rose with 2^88 in that time, I think it's more a case of the cat being out of the bag.
Re:Or Sponsored by DHS? (Score:3, Insightful)
Remember also that the NSA is concerned with practical mission concerns and not just the theoretical side of cryptography. In the real world the weakness is rarely in the algorithm chosen, but rather in bungled key management, social engineering, or other physical security concerns which serve as the weak link in the chain. The NSA would not bother brute forcing your key if they could log your keystrokes from a van parked somewhere in the neighbor
Homeland Security Vrs RIAA (Score:5, Funny)
Anti-Homeland Defense, maybe, but avoiding data leakage will make it very attractive to RIAA / MPAA and other copyright protection lobby groups.
So maybe we get to see what happens when the RIAA face off against the Department for Homeland Security and the CIA - that would be one I would like to see (Maybe we should just watch them fight then nuke them both from orbit - only way to be sure).
Re:Homeland Security Vrs RIAA (Score:3, Insightful)
Besides which, I'm pretty sure the RIAA and the MPAA will get behind this, and they've got Congress in their pocket.
Re:Homeland Security Vrs RIAA (Score:2)
Or even better, I'm just
Re:Homeland Security Vrs RIAA (Score:2)
A perfectly reasonable choice... though I'm curious where you are going to go/be/stay instead.
Re:Homeland Security Vrs RIAA (Score:2)
Well, the obvious one being that installing a pinhole camera, keystroke logger, or parking a tempest van outside would be infinitely cheaper and easier.
The second one being your brain, and a rubber-hose: http://iq.org/~proff/rubberhose.org/current/src/doc/review.html [iq.org]
Re:Homeland Security Vrs RIAA (Score:2)
Re:Homeland Security Vrs RIAA (Score:3, Insightful)
These outfits are the same side of the same coin, so there will be no "face off." They're all in cahoots together and you can rely on the fact that the RIAA or any other *AA will fall all over themselves attempting to give the DHS or whomever, any little thing their hearts desire, including whatever keys to whatever algorithm they may be interested in at any given time. It's YOU AND I who are on the
A chain is only as strong as its weakest link (Score:4, Insightful)
Re:A chain is only as strong as its weakest link (Score:2)
Re:A chain is only as strong as its weakest link (Score:4, Interesting)
All of this encryption is done in hardware. I was considering, for my next laptop purchase, getting one with a MiniPCI slot that could have a crypto accelerator inserted (even a cheap one can handle over 300MB/s throughput, which is faster than my hard disk can do). Having this on-chip or even on the motherboard would be a huge incentive for me.
Re:A chain is only as strong as its weakest link (Score:2)
What vendor's hardware dongle are you using to make this work? I presume you're not using the onboard machine's/laptop's encryption chipset, so which one ARE you using? I'm curious to see how you're auto-generating the keys from an algo, without storing the nature of that algo on the system proper, prior to mounting your home directory... do tell.
Re:A chain is only as strong as its weakest link (Score:2)
My current machine is a PowerBook, and there are several weaknesses in the implementation of the security mechanisms, although the principle seems sound.
Ok, what are we talking about? (Score:3, Interesting)
Re:Ok, what are we talking about? (Score:2)
Re:Ok, what are we talking about? (Score:3, Informative)
What, you mean like back when they were developing DES, and they got visited by the NSA? It went something like this (totally made-up, aside from the fact that the basic scenario happened):
Re:Ok, what are we talking about? (Score:3, Insightful)
Re:Ok, what are we talking about? (Score:2)
I see the results of the test are already coming in...
And repairing those computers? (Score:4, Interesting)
Re:And repairing those computers? (Score:2)
Maybe negative, but in a different way (Score:4, Insightful)
Re:Maybe negative, but in a different way (Score:2)
Not just terrorists, but any foreign government really. Saddam & Osama both would have benefited from hardware level heavy duty encryption, as the U.S. has gotten computers from both of 'em that were completely unencrypted, yet contained sensitive information.
Re:Maybe negative, but in a different way (Score:2)
1) take physical possession of your computers
2) hold your employees at gunpoint
3) cross check against physical assets
4) be able to repeat as often as needed
Re:Maybe negative, but in a different way (Score:2)
I'm sure there would be some kind of key escrow or a known seed to generate the passphrase if not for the surveillance aspect, but for support. It wouldn't take long at all for the first support call to come in for a forgotten passphrase. What would you tell the client, the data is gone with no hope of recovery?
Don't know about cnet (Score:2, Informative)
This isn't meant to protect you from the gov't (Score:2, Insightful)
One small step for IBM, one giant leap for DRM...
However, there's still hope: making tamper proof hardware is very difficult. Making hardware that's not vulnerable to side
no back door? (Score:3, Interesting)
Well, unless I can verify the code or make the chip from a copy of its mask myself - I am pretty much taking it on faith from IBM that it is secure from the eyes of the government. (no offense IBM, but I prefer the security of open review) Until independent sources can take the chip and put it under an electron microscope and say: Yes it's designed secure - then it's pretty much not secure. And if it's firmware that can be re-programmed, then it is especially not secure if the government's hands get on it anywhere in the distribution chain.
Patching exploits? (Score:2)
The question with encryption is never if but always when it will be hacked.
Oh well, I'd guess you'd have to buy newer hardware without the exploit (but with the backdoor of course)
No processor overhead. (Score:5, Funny)
Double ROT26.
Woo. That's gonna be TOUGH to crack!
Re:No processor overhead. (Score:2, Funny)
Not new.... (Score:2)
Keys too or only algorithms? (Score:5, Insightful)
Apparently what they're putting in the chips is, at least, encryption/decryption routines. Aside from the obvious questions (what happens when you want to change algorithms?), the important question is whether they're including digital keys as well.
The single factor that makes "trusted computing" evil is that there's a digital key (the "attestation" or "endorsement" key) baked into the TPM which the owner of the machine is prevented from accessing or changing. If all the keys were accessible to the owner, it would be a purely beneficial technology. With the anti-owner feature, it becomes an engine of DRM, censorship, and vendor lock-in on a vast scale, and at a fundamental level absolutely prevents security and privacy for the computer owner.
So the question is which category this IBM tech falls into. And that in turn depends on whether digital keys will be baked into the processor, or whether it's only a set of routines that any software can use under the owner's control.
The definition of "available" (Score:2)
Closing the analog hole (Score:2)
nice job selling DRM (Score:2)
Debugging (Score:2, Insightful)
Ironic, isn't it? (Score:2)
Hardware DRM - good
Since when did "homeland security" become Big Brother?
Data encrypted in RAM? (Score:2)
Hardwired encryption? (Score:2)
Re:Hardwired encryption? (Score:2)
It's evolution (Score:2, Insightful)
My main fear is that the better part of the internet is going to be pushed underground because the gov't wants to read your email and the corps want to charge Google for letting you search for anything.
If these people get their way, there will be no incentive for intelligent people to use an above-ground internet.
There is a market (Score:2)
Pritti, pritti securatay! (Score:2)
Unless I'm a content provider, of course, and don't want my customer to read it properly. Who're they trying to fool here?
Re:Pritti, pritti securatay! (Score:2)
Re:Pritti, pritti securatay! (Score:2)
Far from a be-all end-all solution (Score:2, Insightful)
Since the protection only occurs in hardware, one can still exploit the same software-based attack vectors that have been around for ages. Encryption is done even below the OS. If some
Re:Can't develop/sell security products in Amerika (Score:2)
Of course, you can't develop an unencrypted system without the RIAA going after you.
Re:Effective in Embedded Systems? (Score:2)
the chip knows pq, e. M^e is encrypted and (M^e)^f is decrypted. The chip has the (^f) function (mod pq) hardcoded in. It doesn't actually "know" f.
Let's say your hard drive is encrypted, there are 3 primes needed to be known to get to it:
one is generated by a pass-phrase
one is
Re:Effective in Embedded Systems? (Score:2)
From TFA: "Millions of laptops already contain a chip called a Trusted Platform Module, or TPM, which offers protected storage of encryption keys, passwords and digital certificates."
Re:Hardware breaks? (Score:2)
Re:Hard Drive encryption (Score:2)