[sldev] 3rd party viewer policy post on blogs.secondlife.com

Anders Arnholm Anders at Arnholm.se
Wed Oct 21 08:59:01 PDT 2009


No, the secret is probably something much longer than ALLEN; it will be
transformed with an algorithm.

    f(SKEY, Challenge)

is what is going to be sent, to make sure that the KEY is not sent
over the net and intercepted by anyone on the internet. The problem is
that the viewer has to be able to make the calculation f(SKEY, Challenge);
to make this computation the computer will need to have both the function
f(k,c) and the SKEY somewhere. When you have both these two pieces of
information in one computer, figuring out f() and SKEY is trivial
work.

The GSM chip works the same way, but by having the function known and
the key in special "tamper-proof" hardware, one has a little relative
security; this hardware is actually inside the phone. The idea is that any
attempt to tamper with the hardware will change the key, making it
impossible to read out the key. GSM chip cloning is though possible and
has been done.

Having the crypto implemented in a smart chip and not in the
phone/computer makes it harder for anyone to debug and read out
what happens. The GSM SIM cards have so far, as far as I know, all been
compromised on the crypto level.

A one-time pad is actually just a long secret, or a mathematical
function f(n,key); the idea is that the challenge, n, is only used once,
so the encrypted data is only sent over the net once. Both the key and
the function still have to exist at the connecting computer. This gives
the attacker the possibility to examine the function and key.

RSA is a simple and easy algorithm to study to understand how the public/secret
key scheme works. When you understand this algorithm the limitations
of the idea also become clear; yes, it's really cool mathematics, and it's
way more capable than a simple one-time key scheme. But it still can't
solve this problem.
http://en.wikipedia.org/wiki/Public-key_cryptography

Funny you took up GSM security, as I have worked with the USIM module for
Ericsson's phone platform. Well, that was not GSM, it was 3G, but the
principles are the same even if the details changed.

On Wed, Oct 21, 2009 at 01:23:21PM -0200, Tigro Spottystripes wrote:
> the secret isn't "ALLEN", the secret is some sort of formula that will
> give an answer to a question, no matter what the question; on each check
> the question is different and the answer is different, but if both sides
> are using the same formula, the side that asked the question will see
> the answer it is expecting. It's how GSM chip identification works, you
> can't sniff the radio waves to figure out how to clone a chip, the
> questions and answers always change. The secret formula might as well be
> something along the lines of a one time pad
> http://en.wikipedia.org/wiki/One-time_pad
> 
> 
> Mike Dickson escreveu:
> > On Wed, 2009-10-21 at 15:03 +0000, Anders Arnholm wrote: 
> >   
> >> The big problem is when you send your viewer out: if it should be in any
> >> way possible to send data to the server "HEY I'm the good viewer from
> >> Balp. My secret is, ALLEN", the user's computer has to get the secret.
> >> The minute the user has the secret on their own computer they can
> >> extract it, put it into their own whatever to tell the servers "HEY
> >> I'm the good viewer from Balp. My secret is, ALLEN". This will make any
> >> try to use this for any identification on the LL side impossible.
> >>     
> >
> > Right, code signing could tell a *user* the original source of the
> > viewer but can't in any way that I know be used to identify over the
> > wire that the viewer is valid in a way that's not spoofable.
> >
> > Perhaps if the focus is making content creators happy that's enough.
> > Though I don't see a mechanism here for LL to enforce attempts to grief
> > or steal content using a specific viewer. 
> >
> > Mike
> >
> >
> >
> >   
> 
> 

-- 
      o_   Anders Arnholm,
 o/  /\    anders at arnholm.se
/|_, \\    http://anders.arnholm.se/
/
`
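A worked version of the exchange argued over in this thread, added here as an illustration; it is not code from any participant or from the viewer policy itself. The post names no concrete transform, so HMAC-SHA256 stands in for f(SKEY, Challenge), the key is a constructed value, and the server/client classes are assumptions made only for the demonstration. The block shows both sides of the argument: a captured answer cannot be replayed against a fresh challenge (Tigro's point), yet any program that holds the same SKEY and f() produces an acceptable answer, so the server cannot tell the genuine viewer from a copy (Anders's point).

```python
import hashlib
import hmac
import secrets

# Constructed example: the secret that the server and the genuine viewer share.
# The thread names no concrete key or function; HMAC-SHA256 stands in for f().
SKEY = b"constructed-example-viewer-secret"


def f(skey: bytes, challenge: bytes) -> bytes:
    """f(SKEY, Challenge): this digest is the only value that crosses the wire."""
    return hmac.new(skey, challenge, hashlib.sha256).digest()


class Server:
    """Issues single-use challenges and checks answers against its own copy of SKEY."""

    def __init__(self, skey: bytes) -> None:
        self.skey = skey
        self.outstanding = set()  # challenges issued but not yet answered

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(16)
        self.outstanding.add(challenge)
        return challenge

    def verify(self, challenge: bytes, response: bytes) -> bool:
        # A challenge is consumed on first use, so a captured answer cannot be replayed.
        if challenge not in self.outstanding:
            return False
        self.outstanding.discard(challenge)
        return hmac.compare_digest(f(self.skey, challenge), response)


def client_answer(skey: bytes, challenge: bytes) -> bytes:
    """Any program holding skey and f() can compute this; the server cannot tell which one did."""
    return f(skey, challenge)


def run_handshake(server: Server, client_skey: bytes) -> bool:
    """One full exchange: server issues a challenge, client answers, server checks."""
    challenge = server.new_challenge()
    return server.verify(challenge, client_answer(client_skey, challenge))


def genuine_viewer_passes() -> bool:
    return run_handshake(Server(SKEY), SKEY)


def wrong_key_fails() -> bool:
    return not run_handshake(Server(SKEY), b"some-other-secret")


def replayed_answer_fails() -> bool:
    """Sniffing one exchange does not help with the next one."""
    server = Server(SKEY)
    c1 = server.new_challenge()
    r1 = client_answer(SKEY, c1)
    first_ok = server.verify(c1, r1)        # the genuine exchange that was observed
    c2 = server.new_challenge()
    replay_to_new = server.verify(c2, r1)   # old answer against a new challenge
    replay_same = server.verify(c1, r1)     # same pair again; challenge already consumed
    return first_ok and not replay_to_new and not replay_same


def copied_secret_passes() -> bool:
    """A different program holding the same SKEY and f() is indistinguishable to the server."""
    server = Server(SKEY)
    extracted = bytes(SKEY)  # stands in for the key read out of the shipped program
    return run_handshake(server, extracted)


if __name__ == "__main__":
    print("genuine viewer accepted:", genuine_viewer_passes())
    print("wrong key rejected:", wrong_key_fails())
    print("replayed answer rejected:", replayed_answer_fails())
    print("copy holding the same secret accepted:", copied_secret_passes())
```

The single-use challenge set is what makes the wire safe to observe, which is all a challenge-response scheme buys; nothing in the server's check depends on which program computed the answer, which is why the thread concludes that an embedded secret cannot identify the viewer software itself.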