02-15-2007, 09:01 AM | #31 | ||
Uebermensch
Posts: 2,583
Karma: 1094606
Join Date: Jul 2003
Location: Italy
Device: Kindle
|
Quote:
Quote:
|
||
02-15-2007, 09:24 AM | #32 |
Fully Converged
Posts: 18,163
Karma: 14021202
Join Date: Oct 2002
Location: Switzerland
Device: Too many to count here.
|
I've been following this discussion with interest, and what surprises me is that Sony is trying to lock down access to the device. It's just so counterproductive.
It also reminds me of what iLiad hobby programmers went through - until iRex agreed, and supplied the necessary steps to access the iLiad. |
Advert | |
|
02-15-2007, 09:29 AM | #33 |
Wizard
Posts: 3,442
Karma: 300001
Join Date: Sep 2006
Location: Belgium
Device: PRS-500/505/700, Kindle, Cybook Gen3, Words Gear
|
Well, I sort of can understand them... they're probably trying to prevent using unauthorized access to circumvent DRM. Except doing that on the device is not really practical - the desktop reading software is much easier to break into.
|
02-15-2007, 10:14 AM | #34 | |
Fully Converged
Posts: 18,163
Karma: 14021202
Join Date: Oct 2002
Location: Switzerland
Device: Too many to count here.
|
Quote:
|
|
02-15-2007, 11:22 AM | #35 | |
Banned
Posts: 1,300
Karma: 1479
Join Date: Jul 2006
Location: Peoples Republic of Washington
Device: Reader / iPhone / Librie / Kindle
|
Quote:
|
|
Advert | |
|
02-15-2007, 11:23 AM | #36 | |
Banned
Posts: 1,300
Karma: 1479
Join Date: Jul 2006
Location: Peoples Republic of Washington
Device: Reader / iPhone / Librie / Kindle
|
Quote:
|
|
02-15-2007, 12:05 PM | #37 | |
HTTP Error
Posts: 85
Karma: 3000000
Join Date: Oct 2006
Device: Kindle Paperwhite
|
Quote:
Version 3 of the GPL might have such a requirement, however Linux is licensed under version 2, so any such change won't help until and unless Linux moves to version 3 (unlikely) AND Sony updates to a Linux version after such a change (even more unlikely, if they want to keep people out of the hardware). http://www.gnu.org/copyleft/gpl.html Last edited by FourOhFour; 02-15-2007 at 12:06 PM. Reason: grammar |
|
02-15-2007, 01:35 PM | #38 | |
Fanatic
Posts: 556
Karma: 1057213
Join Date: Sep 2006
Location: North Eastern U.S.
Device: Sony Reader
|
Quote:
As far as I know Sony did not introduce a single noticeable improvement in their update. None of the wishes of the community were taken into account, but the desire to close the firmware to hacking was. Why? If Sony doesn't want to spend money and effort on improving the device, why not let the others help for free? Last edited by porkupan; 02-15-2007 at 01:59 PM. |
|
02-15-2007, 01:52 PM | #39 |
Gizmologist
Posts: 11,615
Karma: 929550
Join Date: Jan 2006
Location: Republic of Texas Embassy at Jackson, TN
Device: Pocketbook Touch HD3
|
This first update was apparently aimed at fixing mostly stability issues that they'd become aware of early after release, with added functions coming in future updates. Why any of that should affect the existing home brew is ... troubling, however. I haven't run across anything yet that gives me any notions of what's really going on with it, but if/when I'll point them out.
|
02-15-2007, 02:20 PM | #40 | |
Addict
Posts: 364
Karma: 1035291
Join Date: Jul 2006
Location: Redmond, WA
Device: iPad Mini,Kindle Paperwhite
|
Quote:
|
|
02-15-2007, 03:32 PM | #41 |
Banned
Posts: 1,300
Karma: 1479
Join Date: Jul 2006
Location: Peoples Republic of Washington
Device: Reader / iPhone / Librie / Kindle
|
Please excuse my lack of precision: http://en.wikipedia.org/wiki/Digital...ture_Algorithm
The Sony Reader firmware is now using DSA/SHA-1 protection. |
02-15-2007, 05:18 PM | #42 |
Banned
Posts: 1,300
Karma: 1479
Join Date: Jul 2006
Location: Peoples Republic of Washington
Device: Reader / iPhone / Librie / Kindle
|
Evidently things have advanced, we're now at 2^63. My back of the napkin sketch gets me down to 24 Virtex 5 chips for a max break time of 63 days.
Anyone willing to assemble 1024 chips could do breaks in 1.5 days. http://en.wikipedia.org/wiki/Sha1 |
02-15-2007, 05:30 PM | #43 |
Addict
Posts: 364
Karma: 1035291
Join Date: Jul 2006
Location: Redmond, WA
Device: iPad Mini,Kindle Paperwhite
|
I'm not sure there is any point in finding a hash collision. Hash collisions are potentially useful if you want to forge a digital signature, but its a kind of one-off attack, and requires padding of the data to be signed.
In this particular case what you want to do is fake a signature on a modified firmware. Padding probably isn't much of an option. You really need to break the DSA key. Doable at 1024 bits, but not cheap. Much better to just remove the signature check. |
02-15-2007, 05:38 PM | #44 |
Addict
Posts: 364
Karma: 1035291
Join Date: Jul 2006
Location: Redmond, WA
Device: iPad Mini,Kindle Paperwhite
|
If you go read that wikipedia article, you will see in fact: "In academic cryptography, any attack that has less computational complexity than a brute force search is considered a break. This does not, however, necessarily mean that the attack can be practically exploited."
I used to be a crypto guy but have been out of the field for the past 5 years. But if my memory serves me correctly, the biggest attack so far has been the discovery of some "neutral" data that can be inserted at block boundaries without affecting the final hash value. Potentially exploitable in rare situations but not generally useful. |
02-15-2007, 06:25 PM | #45 |
Banned
Posts: 1,300
Karma: 1479
Join Date: Jul 2006
Location: Peoples Republic of Washington
Device: Reader / iPhone / Librie / Kindle
|
All the crypto texts all admonish everyone to remember the impact of Moore's Law. I just re-read Diamond Age and it has a reference to increasing key length to keep ahead of advances in computational capacity.
In the two years since the academic "break" we've gone from Virtex 4 to Virtex 5. The number of chips required to build a breaking engine has been reduced to the point that someone could put it on their Visa Gold card. As with the number of x86 disassembler people vs ARM disassembler people, how many folks can program a Virtex 5 to attack SHA-1? If you are interested, this paper speaks to using hash collisions to recover private keys: http://theory.csail.mit.edu/~yiqun/H...intVersion.pdf |
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Hilarious Paper vs Ebook analysis | notyou | General Discussions | 2 | 06-28-2010 04:39 PM |
Flashing your EZ Reader Pro | Moo Strength | Astak EZReader | 15 | 09-19-2009 06:30 PM |
LIT generation -- binary analysis help with the last %0.1? | llasram | Workshop | 12 | 12-13-2008 05:23 AM |
Analysis of the De Tijd-project | TadW | News | 1 | 04-17-2007 05:13 PM |
PRS-500 Flashing the Reader via SD/MS | scotty1024 | Sony Reader Dev Corner | 29 | 04-09-2007 07:31 AM |