TiVo Awarded Patent For Password You Can't Hack 291
Davis Freeberg writes "TiVo has always been known for thinking outside of the box, but this week they were awarded an unusual patent related to locking down content on their hard drives. According to the patent, they've invented a way to create password security that is so tough, it would take you longer than the life of a hard drive in order to figure it out. They could be using this technology to prevent the sharing of content or it could be related to their advertising or guide data, but if their encryption technology is really that good, it's an interesting solution for solving the problem of securing networks."
Warranties (Score:2, Informative)
I lost all my important data on my hard drive from it crashing.
Sincerely,
Unhappy user
======
Dear User,
Here is a new hard drive replacement.
Sincerely,
Seagate
Re:longer than the life of a hard drive in order . (Score:3, Informative)
if you check newegg for hard drives most of the WD drives there have a 3 or 5 year warranty on them
Re:longer than the life of a hard drive in order . (Score:2, Informative)
maybe im just lucky ^^
Re:Yet another reason not to get a Series3 TiVo (Score:5, Informative)
Re:Read the patent... (Score:4, Informative)
It's the diffie-helman key exchange (Score:4, Informative)
An authentication system for securing information within a disk drive to be read and written to only by a specific host computer such that it is difficult or impossible to access the drive by any system other than a designated host is disclosed. While the invention is similar in intent to a password scheme, it significantly more secure. The invention thus provides a secure environment for important information stored within a disk drive. The information can only be accessed by a host if the host can respond to random challenges asked by the disk drive. The host's responses are generated using a cryptography chip processing a specific algorithm. This technique allows the disk drive and the host to communicate using a coded security system where attempts to break the code and choose the correct password take longer to learn than the useful life of the disk drive itself.
Drive sends random junk. Host responds with digital signature on random junk. Drive verifies signature. It's a diffie-hellman key exchange derived system called a digital signature. RSA and DSA (El Gamal is DSA's corresponding cryptosystem) are examples.
BeyondTV (Score:4, Informative)
Re:A really long one? (Score:1, Informative)
Re:So.... (Score:5, Informative)
As soon as you can do that, 3 things are true:
(1) You can preserve it on something more reliable (longer life) than the original drive and work on cracking it from there.
(2) You can make multiple copies and work on it x times faster by attacking each drive/copy with a separate part of the list of possible solutions.
(3) You can spend as long as you like working on cracking it and when the drive reaches the end of it's life, pick up where you left off working on your clone disk.
More importantly how many copies would you need to make to solve it within a useful time period at all? Would you get the data within a useful time frame? Within years? Within your own life time?
Obviously if they have made it so that you can only access the drive with a specific controller then the idea of taking copies is significantly more difficult, but from what I've read it's just a regular Western Digital drive which means you could hook it up and take a raw image of the entire disk even without being able to decode the contents at that point. So as the parent said, you're not hacking it "in situ" and as soon as the drive gets into a consumer's home, you've handed of a the data to be copied.
This is just a patent for making hacking difficult, but since when does that stop anyone?
Meanwhile, I am not even going to bother trying to figure out how this is a solution for "securing networks".
IANAL... (Score:5, Informative)
...but I am a law student and just took an introductory IP course, so I'll try to answer. A patent must actually do what you claim it does. But they don't claim it can't be cracked:
Re:Sure, uncrackable like every uncrackable code (Score:5, Informative)
Crypto on a chip is more secure than crypto in a binary.
Re:oh i found it on google with 1.9 mln results! (Score:4, Informative)
To quote Spock, "I believe that is what [he] said."
I only caught it because I read RFC 2045 the other day. (specifically, the section on Base64 encoding...)
-:sigma.SB
Not on Series2 Tivos... (Score:2, Informative)
On a Series2 Tivo, it's not rocket science:
1) Pull hard drive
2) Replace kernel with another kernel that doesn't do an integrity check of files at boot time.
3) Make the startup scripts spawn a telnet daemon (Tivo was thoughtful enough to provide one)
4) Change 8 bytes in 'tivoapp' to disable encryption.
(and copying files off the Tivo this way is at least 2x faster than TivoToGo transfers)
Series2.5 (nightlight and dual-tuner) and Series3 (dual CableCard HDTV) require that a PROM chip be desoldered, reflashed to remove file integrity checking, and then put back in. All the Series3 Tivo lacks is step 4, but it'll only be a matter of time.
Re:IANAL... (Score:1, Informative)
The only way to invalidate this would be if someone could come up with prior art