Patents Security IT

TiVo Awarded Patent For Password You Can't Hack 291

Davis Freeberg writes "TiVo has always been known for thinking outside of the box, but this week they were awarded an unusual patent related to locking down content on their hard drives. According to the patent, they've invented a way to create password security that is so tough, it would take you longer than the life of a hard drive in order to figure it out. They could be using this technology to prevent the sharing of content or it could be related to their advertising or guide data, but if their encryption technology is really that good, it's an interesting solution for solving the problem of securing networks."
  • A really long one? (Score:4, Insightful)

    by loftwyr ( 36717 ) on Saturday May 12, 2007 @08:53PM (#19100221)
    So it's like a really character password with random characters and punctuation and stuff?

    That doesn't sound like it would be worth a patent.

    Then again, it might be more interesting and have non-typeable characters...

    Or maybe just "Joshua"
  • by frovingslosh ( 582462 ) on Saturday May 12, 2007 @08:58PM (#19100257)
    Wasn't about the same thing said for the DVD protection system? All security systems like this fall apart when the user had the device being hacked in his hands.

    And what if it's a WD drive they are talking about? The life of those is so low they had to drop their warranty to 1 year because they admitted 3 years would put them out of business. (The reason I only use Seagate 5 year warranty drives).

  • Re:So.... (Score:5, Insightful)

    by Anonymous Coward on Saturday May 12, 2007 @09:00PM (#19100275)
    I want to know if the patent is invalidated when it's broken.

    (ie: does making outlandish and incorrect claims in a patent invalidate it?)
  • Re:So.... (Score:5, Insightful)

    by rob1980 ( 941751 ) on Saturday May 12, 2007 @09:01PM (#19100283)
    No shit. The second your product gets into a consumer's home, its "unhackable" status vanishes.
  • by Mr2001 ( 90979 ) on Saturday May 12, 2007 @09:02PM (#19100295) Homepage Journal
    I have two Series2 units and I love them. But there's no way in hell I'd spend PS3-level prices on a Series3 recorder, especially with the lack of TivoToGo and now this bullshit.

    Look, if I buy a device that has a hard drive in it, that hard drive is mine. The data on it is mine. If you don't want me to access it from the "wrong" host, maybe you shouldn't have sold it in the first place. You can have all the control you want over that hard drive while it's gathering dust in your warehouse.
  • by pembo13 ( 770295 ) on Saturday May 12, 2007 @09:04PM (#19100305) Homepage
    ... to work against the consumer?
  • by Aoreias ( 721149 ) on Saturday May 12, 2007 @09:14PM (#19100369)
    If you're going to base64 encode it, just do it right and encode the bytes themselves. CfkRAp1041vYQVbFY1aIwA==
  • by zappepcs ( 820751 ) on Saturday May 12, 2007 @09:18PM (#19100391) Journal
    I love it when someone says that 'x' can't be done.... that is sure to bring on the people that show it can be done
  • by CedgeS ( 159076 ) on Saturday May 12, 2007 @09:24PM (#19100429) Homepage Journal
    Essentially they are claiming: Using a wire-secure challenge system between a hard drive and a host.

    In the text they mention prior art of both:
    1. Using a challenge system between a hard drive and a host
    2. a wire-secure challenge system

    Even if no one has ever put cryptographic functions into a hard drive (I'd be surprised) virtually every cryptography paper talks about all of the communications in the only meaningful terms, abstract ones, implying in a way obvious to non-experts that it can be used between any equipment.

    This, like many other bad patents, is at best a land-grab for a specific piece of territory so well discovered, mapped, and understood that claiming a portion of it is just ridiculous.
  • by DrYak ( 748999 ) on Saturday May 12, 2007 @09:30PM (#19100465) Homepage
    "Unhackable" passwords ?!?

    At least you know nobody is going to get sued over this one. Ever.
  • What good...? (Score:2, Insightful)

    by Torodung ( 31985 ) on Saturday May 12, 2007 @09:40PM (#19100521) Journal
    ...is a message in a HERMETICALLY SEALED bottle?

    Imagine what the historians and archaeologists are going to do with these doorstops. The quest for perfect data security is beginning to sound an awful lot like the final pages of _Fahrenheit 451_.

    --
    Toro
  • by bluefoxlucid ( 723572 ) on Saturday May 12, 2007 @09:50PM (#19100559) Homepage Journal
    A cryptography chip is software, in the same way a Super Nintendo ROM is software. This software happens to be implemented in a different physical manner, but it still performs a set of logical operations.
  • by dircha ( 893383 ) on Saturday May 12, 2007 @10:01PM (#19100601)
    "The information can only be accessed by a host if the host can respond to random challenges asked by the disk drive. The host's responses are generated using a cryptography chip processing a specific algorithm. This technique allows the disk drive and the host to communicate using a coded security system where attempts to break the code and choose the correct password take longer to learn than the useful life of the disk drive itself."

    In what novel way - or any way for that matter - does this differ from standard cryptographic challenge-response authentication? I mean, maybe they are using an extremely long generated series of pseudorandom keys, secrets, responses, or all 3 but I don't see how that is novel. Or perhaps incorrect responses result in the disk controller becoming non-responsive for a short period to increase the time required to exhaust the series, but that isn't novel either.

    Any ideas?
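
For readers following the comment above, the standard challenge-response exchange it refers to, with the back-off after wrong responses it speculates about, can be sketched as follows. This is an added example, not TiVo's scheme or code from the patent; the `Drive` class, `host_response`, the HMAC-SHA256 choice, the delay policy and the simulated `now` clock are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

class Drive:
    """Hypothetical drive-side verifier holding a secret shared with the host."""
    def __init__(self, key, base_delay=1.0):
        self._key = key
        self.base_delay = base_delay   # seconds; doubled after each failure
        self.failures = 0
        self.locked_until = 0.0
        self._challenge = None

    def challenge(self, now):
        """Issue a fresh random challenge, or None while in back-off."""
        if now < self.locked_until:
            return None
        self._challenge = secrets.token_bytes(16)
        return self._challenge

    def verify(self, response, now):
        """Check the host's response to the outstanding challenge."""
        if self._challenge is None or now < self.locked_until:
            return False
        expected = hmac.new(self._key, self._challenge, hashlib.sha256).digest()
        self._challenge = None         # single use, so a replayed response fails
        if hmac.compare_digest(expected, response):
            self.failures = 0
            return True
        self.failures += 1
        self.locked_until = now + self.base_delay * 2 ** (self.failures - 1)
        return False

def host_response(key, challenge):
    """Host side: prove knowledge of the key without sending it on the wire."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

def years_to_exhaust(key_bits, guesses_per_second):
    """Expected years to search half the keyspace at a fixed guess rate."""
    return 2 ** (key_bits - 1) / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    key = secrets.token_bytes(16)      # constructed sample key
    drive = Drive(key)
    c = drive.challenge(now=0.0)
    print("host accepted:", drive.verify(host_response(key, c), now=0.0))
    print("years for 128-bit key at 1e9 guesses/s:", years_to_exhaust(128, 1e9))
```

The exchange only protects the wire between host and drive; the shared key still has to live in the host, which is the point several other comments in this thread make about DRM.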
  • by El_Oscuro ( 1022477 ) on Saturday May 12, 2007 @10:01PM (#19100609) Homepage

    Larry Ellison once said of Oracle "can't break it, can't break in". From a security view, Oracle then was a total POS. Even worse than Windows - the worst was 9i release 1. Now, it is a little better as long as you are running 10g R2. If you are running any earlier version of Oracle, upgrade now before your databases are 0wn3d. Better yet, secure them behind firewalls from your corporate intranet. I think Larry used the quote to get some free R&D from the hackers. Now, they can't use any sales pitch to our organization with the word "break" in it without getting laughed out of our building.

    Anyway, now they are calling their version of Linux "Unbreakable". All they did was put their logos on Redhat EL4. At least they could have added a configuration option for running an Oracle database

  • How is this news? (Score:5, Insightful)

    by Sycraft-fu ( 314770 ) on Saturday May 12, 2007 @10:02PM (#19100611)
    It's not like good crypto is hard to come by. I mean if I pick a good password with AES you aren't cracking that in your lifetime, much less the life of a harddrive. The problem isn't a good password, the problem is that DRM tries to use crypto for something it isn't made for. Crypto is about keeping out non trusted parties. That's how SSH works. You have the key, the server has the key and thus only you and the server can decrypt the traffic. Anyone else can capture everything if they want, and they are going to get all of nowhere with it.

    The problem with DRM is that the person who is the recipient is also one of the people they want to keep out. This creates a problem: To decrypt the message (by message I mean whatever they are giving you, video, song, game, whatever) you have to give them the key. However, if they have the key, well then they can decrypt it and do what they want with it.

    This leads to all the tricky, and ineffective, stuff we see these days. They try to hide the key so that only the device can find it and you can't get at it. Well that just don't work. It can make it so it isn't as simple as just copying a disk, but as we've seen with the AACS break, you can't hide that shit from a determined attacker. The key IS on there, it CAN be found.

    So I don't care how good their password scheme is. AES-256 with a 64 character password is good enough to last until the sun goes dark (or at least until quantum computing becomes a reality) but that doesn't buy you anything if you have to hand out the key as part of your scheme as is required by DRM.
  • by CedgeS ( 159076 ) on Saturday May 12, 2007 @10:04PM (#19100633) Homepage Journal
    Yes. It's also possible, and probably cheaper (in the long run) to queue up the video you want to rip and sniff the wires coming out of the drive. If the data on the drive was actually encrypted it would require no special mechanism in the drive to protect it. The host that accesses it either has the secret and thus the authentication to decrypt it, or it doesn't.
  • by CedgeS ( 159076 ) on Saturday May 12, 2007 @10:12PM (#19100685) Homepage Journal
    There's nothing novel here. This differs by the no-longer novel method of making a patent claim by asserting that you have "invented" using someone else's broad and universally applicable method in a specific instance.
  • Re:So.... (Score:2, Insightful)

    by gregarei ( 1001697 ) on Saturday May 12, 2007 @10:18PM (#19100713)
    Now, nobody mess this one up like HDDVD and release a crack until a substantial amount of media has been released on the platform.
  • Re:So.... (Score:5, Insightful)

    by Dun Malg ( 230075 ) on Saturday May 12, 2007 @11:18PM (#19100993) Homepage

    Tivo loses because the person says they couldn't have broken the tivo code because the code is unbreakable, if they did, then Tivo loses the patent.
    Don't be daft. The vague boasts in the patent abstract are irrelevant to the validity of the patent. You could claim in the abstract that your patented method will grant the user perpetual happiness. All that's relevant to the validity are the claims, and those are purely descriptive of function.
  • by dgatwood ( 11270 ) on Saturday May 12, 2007 @11:22PM (#19101007) Homepage Journal

    It has nothing to do with copy protection. You don't honestly think TiVo gives a rat's ass about copy protection, do you? They care exactly as much as is necessary to keep from getting sued. The Series 1 was probably sufficient. No, the new anti-consumer trend in TiVo has nothing to do with copy protection and everything to do with upgrade prevention.

    Every person with a Series 1 TiVo and a giant hard drive is someone to whom they didn't sell a Series 3 TiVo. They naively think that by locking down the drive so that it is locked to their hardware and can't be cloned, people will magically decide "I can't upgrade this one, so I should buy a new one that's bigger." Of course, they're right. Some people will. However, most smart people will see it for what it is, will raise their middle fingers in TiVo's general direction, and will buy a product from one of their many competitors.

    Farewell, TiVo. We hardly knew ye.

  • Re:So.... (Score:5, Insightful)

    by jddj ( 1085169 ) on Saturday May 12, 2007 @11:29PM (#19101037) Journal
    I don't think so.

    In the US at least, there's no requirement that a patented idea or invention or system actually do anything useful or work or even do what it claims.

    There are numerous patents for mind-reading devices, nutjob free energy systems and perpetual motion machines, and searching the USPTO database for the "hyper-light-speed antenna" will produce some interesting reading.

    Might as well patent completely unbreakable DRM.
  • I have two Series2 units and I love them. But there's no way in hell I'd spend PS3-level prices on a Series3 recorder, especially with the lack of TivoToGo and now this bullshit.

    Look, if I buy a device that has a hard drive in it, that hard drive is mine. The data on it is mine. If you don't want me to access it from the "wrong" host, maybe you shouldn't have sold it in the first place. You can have all the control you want over that hard drive while it's gathering dust in your warehouse.


    The blame for that doesn't go with TiVo, but with CableLabs. You see, either the Series 3 TiVo cannot receive high-def cable at all using CableCARDs, (in which case, well, you might as well stick with a tried and true series 2), or you have to agree to the rather onerous terms of the CableLabs license to use CableCARD. And part of the CableLabs agreement involves stuff like what TiVoToGo does.

    Heck, only recently have Series 3 TiVos had their eSATA ports turned on. Part of this is where the CableLabs agreement was modified to allow external storage of CableCARD protected media, provided said media was encrypted (I'm sure TiVo was the primary cause of this change). In fact, it's possibly the reason why TiVo got this patent - the encryption is for the external eSATA disk.

    That's probably why if you can stand it, your cable company's HD box can output via Firewire - it's not bound by the CableLabs agreement since the cable company wants you to rent their boxes. And would prefer to lock you into those boxes, rather than letting outsiders mess with their locked-up cable signal. It's the only reason CableCARD is around - the FCC demanded a way for people to get access to encrypted cable signals without needing a special cable box to do it. (And many cable companies are trying to make CableCARDs as inconvenient to get as possible.)

    Also why development of CableCARDs has been slow. Cable companies want to control everything - the menu you see, the guide, the layout of graphics, etc (and the ads in the cable menus). TiVo conveniently skips all that crap and uses its own interface.

    Cable companies would prefer to have everything locked up and under their control, much like cellular carriers. Unlike cellular carriers, there often isn't competition about it. Heck, in Canada, my cable company (Shaw) does not carry CableCARDs because the current revision won't let them have their crappy UI, and support pay-per-view or other "enhanced" (i.e, pay to use) features, just receive their digital cable and high-def cable service. (Of course, they don't have to, but it would be nice. I'd buy a series 3 TiVo in an instant if they did, instead of going without and thus losing the potential subscription revenue.)
  • Re:Warranties (Score:2, Insightful)

    by Nazlfrag ( 1035012 ) on Sunday May 13, 2007 @01:44AM (#19101581) Journal
    I think you meant, "I lost all my important data on my hard drive from failing to make backups."
  • Does it matter? (Score:3, Insightful)

    by Opportunist ( 166417 ) on Sunday May 13, 2007 @01:46AM (#19101593)
    Let's be honest and blunt here. When (note, when, not if) the password is cracked, what does it mean? That you can strip the ads and distribute what's on the HD. Do you care about patents when you got that in mind? No.

    So, why is it in any way meaningful whether that invalidates a patent which doesn't mean jack in the first place?