Re: IBM Touts Integrated Encryption

Ed Weir (ComCast) wrote:
An interesting article FYI.
http://www.wired.com/news/technology/0,70630-0.html?tw=rss.index

Looks like an extension of the V-chip concept. The article doesn't mention the algorithm they have in mind though.

I never thought I would one day ask the following question
(don't worry guys, yes, I am doubting my sanity as I write
it :-)), but ... Is there any real merit to what Bruce
Schneier says about it?

I mean, he picks on it quite strongly, and IMO, very unfairly;
now, of course, I'm speculating, since I have not seen the
specific details of the technology -- maybe he has seen a
bit more and his opinion is based on the whole story?

Most of the pitfalls in the use of cryptography come from
the problem of key management -- the dream of digital
signatures is killed by the inability to trust that a
signature (a file on the hard drive of a computer) does
indeed correspond to a given user; secure shopping with
the CPU ID (putting Big Brother concerns aside) would
have been possible if they had used a digital signature
scheme where all the information (private key) is built-in
in the CPU -- with no *physical* way for the private key
to leave the chip. Sure, a hacker could have some other
chip sign something else, but that's harder than simply
stealing a file with the private key.

So, I guess what I'm saying is: in many aspects, a
hardware-based scheme to encrypt does indeed secure
the chain by protecting it from the weakest link: the
user.

Bruce Schmeier seems to put it simply as they're making
the process of encrypting a little more robust and
secure; depending on the exact way the hardware handles
the encryption, that could come as a solution to many
of the key-management related problems, which is indeed
one of the weakest links in many systems. Right?

Carlos
--
.

Relevant Pages

  • Re: An old gem - private key encryption
    ... understanding of what a signature really is, ... the block is encrypted with the appropriate private key .." ... > I don't see the reason to ENCRYPT your buffer with the private key because ... > anybody can decrypt it anyway (assuming the public key is public). ...
    (microsoft.public.platformsdk.security)
  • Re: IBM Touts Integrated Encryption
    ... | signature does ... | to leave the chip. ... | hardware-based scheme to encrypt does indeed secure ...
    (sci.crypt)
  • Re: An old gem - private key encryption
    ... of signature. ... private key and decryption with public key. ... containing hash of data covered by the signature) with the RSA ... >> I don't see the reason to ENCRYPT your buffer with the private key ...
    (microsoft.public.platformsdk.security)
  • Re: Encrypt data
    ... extract signature parameter and encrypt with the publickey extracted ... I assume the private key (corresponding to your mycert.cer is accessible on ... Asymmetric RSA encryption has a limit on size of data that can be ... i'm trying to encrypt data with a publickey exctracted from certificate ...
    (microsoft.public.platformsdk.security)
  • Re: Reverse Encryption in .NET
    ... so he can use this key to encrypt the message ... and decrypt it on the server with it's private key. ... the point is different because of the signature procedure nature ... > private key instead of public key) in .NET. ...
    (microsoft.public.dotnet.framework.aspnet.security)