It's about trust, not technical (counter)measures.
You see, I simply lack trust to entities like MS. Using flawed certificate is yet another reason to dislike oppressors but it does not excuses oppression itself. I don't feel safe and secure when these liars offer me no choice but to surrender and consider them as root of trusted authority. This "trust" haves inherently flawed foundation. And ARM TrustZone usually used to restrict user, apply DRM restrictions or conduct other kinds of anti-user "security".
I can remember there was story that some collisions were found for MD5 but if I remember well it was not possible to apply it to arbitrary hash. Are there any proof it's possible to collide with arbitrary hash?
Still not a valid reason to force me to trust to entities like this. Hence, words about "security" and "trust" are marketing crap. And real purpose is rather to have extended level of control over my hardware to make it acting against my will and interests. Clearly a backdoor-like initiative, unless firmware is opensource and can be checked for absence of backdoors and all keys are replaceable by owner, who can present it's physical proof of presence. For some reason I think it will be not a case and instead this thing would be used to pwn users here and there, lock them down and restrict them. For their own money. Hmmph.
Originally posted by smitty3268
View Post
Remember a few years back when some researchers showed they cracked MD5 with an array of 200 PS3's? The Flame authors did the same thing, but using their own attack method. And it was actually before that researcher publicized that it was possible.
When that came out, pretty much everyone abandoned MD5 as insecure, but somehow MS kept using it in a few places that got overlooked.
Comment