A cost analysis of Vista content protection
Posted Dec 28, 2006 15:33 UTC (Thu) by i3839
In reply to: A cost analysis of Vista content protection
Parent article: A cost analysis of Vista content protection
Diffie-Hellman doesn't protect against man-in-the-middle attacks, so some form of authentication would be still needed. And for that there needs to be keys both in hardware and the driver.
The key in the driver could be replaced with any key the attacker wants, and then the authentication would seem to succeed and unencrypted content would be received by the fake videocard. I don't believe they're so stupid to bet on this...
But maybe they do, as it appears that the driver needs to do checks, and checks can be bypassed, so what the hell are they thinking? If the driver needs to do any checks then the system is broken by design.
to post comments)