<article>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#article10_02_09_1557204</id>
	<title>Hardware TPM Hacked</title>
	<author>Soulskill</author>
	<datestamp>1265733900000</datestamp>
	<htmltext><a href="mailto:richard@vems.co.nz" rel="nofollow">BiggerIsBetter</a> writes <i>"Christopher Tarnovsky has <a href="http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&amp;objectid=10625082&amp;pnum=0">pulled off the 'near impossible' TPM hardware hack</a>. We all knew it was only a matter of time; this is why you shouldn't entrust your data to proprietary solutions. From the article: 'The technique can also be used to tap text messages and email belonging to the user of a lost or stolen phone. Tarnovsky said he can't be sure, however, whether his attack would work on TPM chips made by companies other than Infineon. Infineon said it knew this type of attack was possible when it was testing its chips. But the company said independent tests determined that the hack would require such a high skill level that there was a limited chance of it affecting many users. ... The Trusted Computing Group, which sets standards on TPM chips, called the attack "exceedingly difficult to replicate in a real-world environment."'"</i></htmltext>
<tokenext>BiggerIsBetter writes " Christopher Tarnovsky has pulled off the 'near impossible ' TPM hardware hack .
We all knew it was only a matter of time ; this is why you should n't entrust your data to proprietary solutions .
From the article : 'The technique can also be used to tap text messages and email belonging to the user of a lost or stolen phone .
Tarnovsky said he ca n't be sure , however , whether his attack would work on TPM chips made by companies other than Infineon .
Infineon said it knew this type of attack was possible when it was testing its chips .
But the company said independent tests determined that the hack would require such a high skill level that there was a limited chance of it affecting many users .
... The Trusted Computing Group , which sets standards on TPM chips , called the attack " exceedingly difficult to replicate in a real-world environment .
" ' "</tokentext>
<sentencetext>BiggerIsBetter writes "Christopher Tarnovsky has pulled off the 'near impossible' TPM hardware hack.
We all knew it was only a matter of time; this is why you shouldn't entrust your data to proprietary solutions.
From the article: 'The technique can also be used to tap text messages and email belonging to the user of a lost or stolen phone.
Tarnovsky said he can't be sure, however, whether his attack would work on TPM chips made by companies other than Infineon.
Infineon said it knew this type of attack was possible when it was testing its chips.
But the company said independent tests determined that the hack would require such a high skill level that there was a limited chance of it affecting many users.
... The Trusted Computing Group, which sets standards on TPM chips, called the attack "exceedingly difficult to replicate in a real-world environment.
"'"</sentencetext>
</article>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31080718</id>
	<title>Re:Yeah, this is going to be a major problem...</title>
	<author>pod</author>
	<datestamp>1265723880000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Except with TPM, the owner is untrusted, and thus a potential attacker. If you have a TPM computer, and YOU want to trust it, you have to get the key out of the hardware.</p></htmltext>
<tokenext>Except with TPM , the owner is untrusted , and thus a potential attacker .
If you have a TPM computer , and YOU want to trust it , you have to get the key out of the hardware .</tokentext>
<sentencetext>Except with TPM, the owner is untrusted, and thus a potential attacker.
If you have a TPM computer, and YOU want to trust it, you have to get the key out of the hardware.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073842</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074510</id>
	<title>hardware security</title>
	<author>pizzap</author>
	<datestamp>1265740680000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>Please also note that even if we assume somebody &ldquo;cracked&rdquo; the TPM chip (e.g. using an electron microscope, or NSA backdoor), that doesn&rsquo;t mean this person can automatically get access to the encrypted disk contents. This is not the case, as the TPM is used only for ensuring trusted boot. After cracking the TPM, the attacker would still have to mount an Evil Maid attack in order to obtain the passphrase or key. Without TPM this attack is always possible.</p></div></blockquote><p> (http://theinvisiblethings.blogspot.com/2009/10/evil-maid-goes-after-truecrypt.html)</p>
	</htmltext>
<tokenext>Please also note that even if we assume somebody “ cracked ” the TPM chip ( e.g. using an electron microscope , or NSA backdoor ) , that does n’t mean this person can automatically get access to the encrypted disk contents .
This is not the case , as the TPM is used only for ensuring trusted boot .
After cracking the TPM , the attacker would still have to mount an Evil Maid attack in order to obtain the passphrase or key .
Without TPM this attack is always possible .
( http : //theinvisiblethings.blogspot.com/2009/10/evil-maid-goes-after-truecrypt.html )</tokentext>
<sentencetext>Please also note that even if we assume somebody “cracked” the TPM chip (e.g. using an electron microscope, or NSA backdoor), that doesn’t mean this person can automatically get access to the encrypted disk contents.
This is not the case, as the TPM is used only for ensuring trusted boot.
After cracking the TPM, the attacker would still have to mount an Evil Maid attack in order to obtain the passphrase or key.
Without TPM this attack is always possible.
(http://theinvisiblethings.blogspot.com/2009/10/evil-maid-goes-after-truecrypt.html)
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31076614</id>
	<title>Re:tpm?</title>
	<author>MobyDisk</author>
	<datestamp>1265748060000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Excellent points.</p><p>Do you know why a 20-character password is so hard?  Because most systems limit passwords to 10 or 15 characters.  Other than that, longer passwords are easier to remember.</p><p>Good, easy to remember, long passwords:<br>"This is my work computer and those IT jerks keep making me change my password"<br>"I hate this training system"<br>"My mother's maiden name is Johnson"</p><p>Most people can easily memorize their name, their address, the characters in their favorite sports movie, the last 5 coaches of their favorite sports team... those longer things are actually _easier_ to remember than a single word with no context.</p></htmltext>
<tokenext>Excellent points . Do you know why a 20-character password is so hard ?
Because most systems limit passwords to 10 or 15 characters .
Other than that , longer passwords are easier to remember . Good , easy to remember , long passwords : " This is my work computer and those IT jerks keep making me change my password " " I hate this training system " " My mother 's maiden name is Johnson " Most people can easily memorize their name , their address , the characters in their favorite sports movie , the last 5 coaches of their favorite sports team... those longer things are actually _easier_ to remember than a single word with no context .</tokentext>
<sentencetext>Excellent points. Do you know why a 20-character password is so hard?
Because most systems limit passwords to 10 or 15 characters.
Other than that, longer passwords are easier to remember. Good, easy to remember, long passwords: "This is my work computer and those IT jerks keep making me change my password" "I hate this training system" "My mother's maiden name is Johnson" Most people can easily memorize their name, their address, the characters in their favorite sports movie, the last 5 coaches of their favorite sports team... those longer things are actually _easier_ to remember than a single word with no context.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073828</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074008</id>
	<title>Re:When will they learn</title>
	<author>wvmarle</author>
	<datestamp>1265738640000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Every password, every encryption key can be brute-forced, given enough time.
</p><p>No software is flawless.
</p><p>No hardware is flawless.
</p><p>Even the strongest bank vault inside the strongest nuclear bunker under the largest mountain defended by an immense army can be breached.
</p><p>So in your world there is only place for bad security.
</p><p>Luckily for the rest of us there is also something like "good enough" security that is so secure that breaking it is so expensive/hard that it becomes practically impossible.</p></htmltext>
<tokenext>Every password , every encryption key can be brute-forced , given enough time .
No software is flawless .
No hardware is flawless .
Even the strongest bank vault inside the strongest nuclear bunker under the largest mountain defended by an immense army can be breached .
So in your world there is only place for bad security .
Luckily for the rest of us there is also something like " good enough " security that is so secure that breaking it is so expensive/hard that it becomes practically impossible .</tokentext>
<sentencetext>Every password, every encryption key can be brute-forced, given enough time.
No software is flawless.
No hardware is flawless.
Even the strongest bank vault inside the strongest nuclear bunker under the largest mountain defended by an immense army can be breached.
So in your world there is only place for bad security.
Luckily for the rest of us there is also something like "good enough" security that is so secure that breaking it is so expensive/hard that it becomes practically impossible.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073802</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074614</id>
	<title>Re:When will they learn</title>
	<author>Anonymous</author>
	<datestamp>1265741100000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><div class="quote"><p>...But I am guessing about every secret service in the world already knew how to do this attack.</p></div><p>What the hell would they need millions of dollars worth of human and electronic resources to crack TPM for when waterboarding supplies are less than ten bucks and you usually get an answer in less than 5 minutes?</p><p>Yeah, that may sound like a joke, but seriously, there are enough "old-school" tactics out there to gain access the old fashioned way.  Not to mention the threat tactic of labeling you a "terrorist", and immediately qualifying you for "throw-away-the-key" lockup.</p>
	</htmltext>
<tokenext>...But I am guessing about every secret service in the world already knew how to do this attack . What the hell would they need millions of dollars worth of human and electronic resources to crack TPM for when waterboarding supplies are less than ten bucks and you usually get an answer in less than 5 minutes ? Yeah , that may sound like a joke , but seriously , there are enough " old-school " tactics out there to gain access the old fashioned way .
Not to mention the threat tactic of labeling you a " terrorist " , and immediately qualifying you for " throw-away-the-key " lockup .</tokentext>
<sentencetext> ...But I am guessing about every secret service in the world already knew how to do this attack. What the hell would they need millions of dollars worth of human and electronic resources to crack TPM for when waterboarding supplies are less than ten bucks and you usually get an answer in less than 5 minutes? Yeah, that may sound like a joke, but seriously, there are enough "old-school" tactics out there to gain access the old fashioned way.
Not to mention the threat tactic of labeling you a "terrorist", and immediately qualifying you for "throw-away-the-key" lockup.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073802</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073782</id>
	<title>Bloke says the US is not ready for cyber war</title>
	<author>auric_dude</author>
	<datestamp>1265737920000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Well that is the state of play according to TheInq <a href="http://www.theinquirer.net/inquirer/news/1591069/ex-army-bloke-us-ready-cyber-war" title="theinquirer.net">http://www.theinquirer.net/inquirer/news/1591069/ex-army-bloke-us-ready-cyber-war</a> [theinquirer.net]</htmltext>
<tokenext>Well that is the state of play according to TheInq http : //www.theinquirer.net/inquirer/news/1591069/ex-army-bloke-us-ready-cyber-war [ theinquirer.net ]</tokentext>
<sentencetext>Well that is the state of play according to TheInq http://www.theinquirer.net/inquirer/news/1591069/ex-army-bloke-us-ready-cyber-war [theinquirer.net]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073974</id>
	<title>Re:When will they learn</title>
	<author>crossmr</author>
	<datestamp>1265738580000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>No.. there is a difference between possible and theoretically possible.</p><blockquote><div><p>The new attack discovered by Christopher Tarnovsky is difficult to pull off, partly because it requires physical access to a computer.</p></div> </blockquote><p>I don't really call any hack that requires "physical access" to be a genuine danger.</p><p>If someone has physical access to your box you've got greater worries.</p>
	</htmltext>
<tokenext>No.. there is a difference between possible and theoretically possible . The new attack discovered by Christopher Tarnovsky is difficult to pull off , partly because it requires physical access to a computer .
I do n't really call any hack that requires " physical access " to be a genuine danger . If someone has physical access to your box you 've got greater worries .</tokentext>
<sentencetext>No.. there is a difference between possible and theoretically possible. The new attack discovered by Christopher Tarnovsky is difficult to pull off, partly because it requires physical access to a computer.
I don't really call any hack that requires "physical access" to be a genuine danger. If someone has physical access to your box you've got greater worries.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073802</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073828</id>
	<title>Re:tpm?</title>
	<author>Anonymous</author>
	<datestamp>1265737980000</datestamp>
	<modclass>Informative</modclass>
	<modscore>4</modscore>
	<htmltext><p>To encrypt something, you must have a 20-character password minimum to get 128-bit key strength. Nobody likes typing 20 characters, so TPM was invented. TPM stores your key on a separate chip. This chip only coughs up the key if you enter a short password to authenticate yourself to the chip.</p><p>The chip uses rate-limiting boot-delays to prevent brute-forcing of the password.</p><p>So the only way to get the key is to break the chip apart and look at the hardware somehow. The chips are usually encased in epoxy to make this hard to do. It's never been done before. Now it has... but it's still hard work.</p><p>TPM chips come on all business laptops these days, though few businesses make use of them. And they're still better than telling your users to memorize 20 char passwords (which they would just write down).</p></htmltext>
<tokenext>To encrypt something , you must have a 20-character password minimum to get 128-bit key strength .
Nobody likes typing 20 characters , so TPM was invented .
TPM stores your key on a separate chip .
This chip only coughs up the key if you enter a short password to authenticate yourself to the chip . The chip uses rate-limiting boot-delays to prevent brute-forcing of the password . So the only way to get the key is to break the chip apart and look at the hardware somehow .
The chips are usually encased in epoxy to make this hard to do .
It 's never been done before .
Now it has... but it 's still hard work . TPM chips come on all business laptops these days , though few businesses make use of them .
And they 're still better than telling your users to memorize 20 char passwords ( which they would just write down ) .</tokentext>
<sentencetext>To encrypt something, you must have a 20-character password minimum to get 128-bit key strength.
Nobody likes typing 20 characters, so TPM was invented.
TPM stores your key on a separate chip.
This chip only coughs up the key if you enter a short password to authenticate yourself to the chip. The chip uses rate-limiting boot-delays to prevent brute-forcing of the password. So the only way to get the key is to break the chip apart and look at the hardware somehow.
The chips are usually encased in epoxy to make this hard to do.
It's never been done before.
Now it has... but it's still hard work. TPM chips come on all business laptops these days, though few businesses make use of them.
And they're still better than telling your users to memorize 20 char passwords (which they would just write down).</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073708</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074920</id>
	<title>Re:When will they learn</title>
	<author>noidentity</author>
	<datestamp>1265742240000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>Do you REALLY consider any form of encryption as impossible to crack? I'd say all of them are a matter of time.</p></div>
</blockquote><p> <a href="http://en.wikipedia.org/wiki/One-time_pad#Perfect_secrecy" title="wikipedia.org">One time pad</a> [wikipedia.org]. If you're trying to guess the pad, you might as well just try to guess the message itself, without even bothering with the encrypted data.</p>
	</htmltext>
<tokenext>Do you REALLY consider any form of encryption as impossible to crack ?
I 'd say all of them are a matter of time .
One time pad [ wikipedia.org ] .
If you 're trying to guess the pad , you might as well just try to guess the message itself , without even bothering with the encrypted data .</tokentext>
<sentencetext>Do you REALLY consider any form of encryption as impossible to crack?
I'd say all of them are a matter of time.
One time pad [wikipedia.org].
If you're trying to guess the pad, you might as well just try to guess the message itself, without even bothering with the encrypted data.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074462</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073772</id>
	<title>Read about it</title>
	<author>Anonymous</author>
	<datestamp>1265737860000</datestamp>
	<modclass>Offtopic</modclass>
	<modscore>-1</modscore>
	<htmltext>two days ago.  In a newspaper.  In New Zealand.</htmltext>
<tokenext>two days ago .
In a newspaper .
In New Zealand .</tokentext>
<sentencetext>two days ago.
In a newspaper.
In New Zealand.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31076810</id>
	<title>Re:CHALLENGE TO TARNOVSKY</title>
	<author>Anonymous</author>
	<datestamp>1265748840000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>But the article makes it sound like he's getting the unencrypted data directly, bypassing the keys entirely....</p></htmltext>
<tokenext>But the article makes it sound like he 's getting the unencrypted data directly , bypassing the keys entirely... .</tokentext>
<sentencetext>But the article makes it sound like he's getting the unencrypted data directly, bypassing the keys entirely....</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074352</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074098</id>
	<title>Re:When will they learn</title>
	<author>Anonymous</author>
	<datestamp>1265739000000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Except that fundamentally, NOTHING is truly impossible.</p><p>So it is a matter of making things exceedingly difficult, such that the cost of an attack exceeds the potential value of the information obtained from executing the attack.</p><p>If you RTFA, the cost and technical complexity of this attack is pretty high, and is more than the benefit you'll gain from most targets implementing this method of security.</p><p>Targets that have information valuable enough to justify executing an attack like the one described are likely to have additional/more sophisticated countermeasures in place.</p></htmltext>
<tokenext>Except that fundamentally , NOTHING is truly impossible . So it is a matter of making things exceedingly difficult , such that the cost of an attack exceeds the potential value of the information obtained from executing the attack . If you RTFA , the cost and technical complexity of this attack is pretty high , and is more than the benefit you 'll gain from most targets implementing this method of security . Targets that have information valuable enough to justify executing an attack like the one described are likely to have additional/more sophisticated countermeasures in place .</tokentext>
<sentencetext>Except that fundamentally, NOTHING is truly impossible. So it is a matter of making things exceedingly difficult, such that the cost of an attack exceeds the potential value of the information obtained from executing the attack. If you RTFA, the cost and technical complexity of this attack is pretty high, and is more than the benefit you'll gain from most targets implementing this method of security. Targets that have information valuable enough to justify executing an attack like the one described are likely to have additional/more sophisticated countermeasures in place.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073802</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31078842</id>
	<title>Re:It does not matter how hard it was/is.</title>
	<author>LordLucless</author>
	<datestamp>1265713680000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>There is no proverbial ghost out of the bottle. Perhaps you meant genie?</htmltext>
<tokenext>There is no proverbial ghost out of the bottle .
Perhaps you meant genie ?</tokentext>
<sentencetext>There is no proverbial ghost out of the bottle.
Perhaps you meant genie?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074178</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31076794</id>
	<title>Re:Difficult?</title>
	<author>Anonymous</author>
	<datestamp>1265748780000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>&gt;This is like how your house is vulnerable because the lock on the front door can be picked by a lockpicking expert or locksmith. Yet - no one is complaining.</p><p>This is more like how your house is vulnerable because somebody with a steam ram can come up to your house and knock your door down.</p><p>Unless you're one of those guys who live in a Castle with a Moat.  Then you're safe from a steam ram...until they build a causeway.</p></htmltext>
<tokenext>&gt; This is like how your house is vulnerable because the lock on the front door can be picked by a lockpicking expert or locksmith .
Yet - no one is complaining . This is more like how your house is vulnerable because somebody with a steam ram can come up to your house and knock your door down . Unless you 're one of those guys who live in a Castle with a Moat .
Then you 're safe from a steam ram...until they build a causeway .</tokentext>
<sentencetext>&gt;This is like how your house is vulnerable because the lock on the front door can be picked by a lockpicking expert or locksmith.
Yet - no one is complaining. This is more like how your house is vulnerable because somebody with a steam ram can come up to your house and knock your door down. Unless you're one of those guys who live in a Castle with a Moat.
Then you're safe from a steam ram...until they build a causeway.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074266</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31075512</id>
	<title>Re:tpm?</title>
	<author>FooAtWFU</author>
	<datestamp>1265744160000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>It's never been done before. Now it has... but it's still hard work.</p></div></blockquote><p>
Really? You don't think that the CIA, KGB, or the intelligence agencies of China | Iran | Israel | Elbonia have managed it, ever?</p>
	</htmltext>
<tokenext>It 's never been done before .
Now it has... but it 's still hard work .
Really ? You do n't think that the CIA , KGB , or the intelligence agencies of China | Iran | Israel | Elbonia have managed it , ever ?</tokentext>
<sentencetext>It's never been done before.
Now it has... but it's still hard work.
Really? You don't think that the CIA, KGB, or the intelligence agencies of China | Iran | Israel | Elbonia have managed it, ever?
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073828</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074186</id>
	<title>Solution is quite obvious</title>
	<author>Anonymous</author>
	<datestamp>1265739300000</datestamp>
	<modclass>Funny</modclass>
	<modscore>3</modscore>
	<htmltext><p>Since using the technique involves reverse engineering the chip, this is a clear violation of the DMCA. So just find your local attorney and prosecute.</p><p>Problem solved. Nothing to see here move along. Thanks for playing. :)</p></htmltext>
<tokenext>Since using the technique involves reverse engineering the chip , this is a clear violation of the DMCA .
So just find your local attorney and prosecute . Problem solved .
Nothing to see here move along .
Thanks for playing .
: )</tokentext>
<sentencetext>Since using the technique involves reverse engineering the chip, this is a clear violation of the DMCA.
So just find your local attorney and prosecute. Problem solved.
Nothing to see here move along.
Thanks for playing.
:)</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073938</id>
	<title>Difficult?</title>
	<author>Angst Badger</author>
	<datestamp>1265738400000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>The requirement for physical access aside, it really doesn't matter how difficult the rest of the process is, since someone will eventually figure it out and <i>implement software to do it automatically</i> so any script kiddie can do it. Math -- crypto included -- is funny that way. Considering the amount of money companies invest in products like these, you'd think they'd figure that out sooner or later.</p></htmltext>
<tokenext>The requirement for physical access aside , it really does n't matter how difficult the rest of the process is , since someone will eventually figure it out and implement software to do it automatically so any script kiddie can do it .
Math -- crypto included -- is funny that way .
Considering the amount of money companies invest in products like these , you 'd think they 'd figure that out sooner or later .</tokentext>
<sentencetext>The requirement for physical access aside, it really doesn't matter how difficult the rest of the process is, since someone will eventually figure it out and implement software to do it automatically so any script kiddie can do it.
Math -- crypto included -- is funny that way.
Considering the amount of money companies invest in products like these, you'd think they'd figure that out sooner or later.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074116</id>
	<title>Re:tpm?</title>
	<author>Anonymous</author>
	<datestamp>1265739060000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>It's not a problem:</p><p>'ABCDEFGHIJKLMNOPQRST'</p><p>What's so hard?</p><p>It's the same difficulty as my luggage: '1234'</p></htmltext>
<tokenext>It 's not a problem : 'ABCDEFGHIJKLMNOPQRST' What 's so hard ? It 's the same difficulty as my luggage : '1234'</tokentext>
<sentencetext>It's not a problem: 'ABCDEFGHIJKLMNOPQRST' What's so hard? It's the same difficulty as my luggage: '1234'</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073828</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31079526</id>
	<title>Re:Solution is quite obvious</title>
	<author>shentino</author>
	<datestamp>1265716560000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>A silly law isn't going to stop the terrorists, or the enemy.  That's why we have the military.</p><p>Of course, silly laws don't stop the government either.</p></htmltext>
<tokenext>A silly law is n't going to stop the terrorists , or the enemy .
That 's why we have the military . Of course , silly laws do n't stop the government either .</tokentext>
<sentencetext>A silly law isn't going to stop the terrorists, or the enemy.
That's why we have the military. Of course, silly laws don't stop the government either.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074186</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074362</id>
	<title>Thank you</title>
	<author>Anonymous</author>
	<datestamp>1265739960000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Thank you, Tarnovsky.  Thankovsky.</p></htmltext>
<tokenext>Thank you , Tarnovsky .
Thankovsky .</tokentext>
<sentencetext>Thank you, Tarnovsky.
Thankovsky.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31078564</id>
	<title>Re:Yeah, this is going to be a major problem...</title>
	<author>quanticle</author>
	<datestamp>1265712600000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>The purpose of TPM is like the purpose of the lock on a door.  It's not to keep the intruder out, but rather to slow the intruder down so that he either gives up or gets caught.  I don't see this as a hack at all, given that by the time any intruder manages to gain access to the chip, the theft of the laptop would have been noticed, and any credentials stored on the TPM would have been invalidated.</p></htmltext>
<tokenext>The purpose of TPM is like the purpose of the lock on a door .
It 's not to keep the intruder out , but rather to slow the intruder down so that he either gives up or gets caught .
I do n't see this as a hack at all , given that by the time any intruder manages to gain access to the chip , the theft of the laptop would have been noticed , and any credentials stored on the TPM would have been invalidated .</tokentext>
<sentencetext>The purpose of TPM is like the purpose of the lock on a door.
It's not to keep the intruder out, but rather to slow the intruder down so that he either gives up or gets caught.
I don't see this as a hack at all, given that by the time any intruder manages to gain access to the chip, the theft of the laptop would have been noticed, and any credentials stored on the TPM would have been invalidated.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074014</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073812</id>
	<title>Re:tpm?</title>
	<author>Xipe66</author>
	<datestamp>1265737980000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><a href="http://en.wikipedia.org/wiki/Trusted_Platform_Module" title="wikipedia.org" rel="nofollow">http://en.wikipedia.org/wiki/Trusted_Platform_Module</a> [wikipedia.org]</htmltext>
<tokenext>http : //en.wikipedia.org/wiki/Trusted_Platform_Module [ wikipedia.org ]</tokentext>
<sentencetext>http://en.wikipedia.org/wiki/Trusted_Platform_Module [wikipedia.org]</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073708</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074420</id>
	<title>Re:When will they learn</title>
	<author>nedlohs</author>
	<datestamp>1265740260000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Bullshit.</p><p>All security is breakable - given enough time and money. So all security is just a trade-off: how much are you willing to spend and how much inconvenience can you take versus how serious an attack do you need to be secure against.</p><p>Is your house built with bank vault doors and walls and floor and ceiling? Does the door have a lock anyway?</p></htmltext>
<tokenext>Bullshit . All security is breakable - given enough time and money .
So all security is just a trade-off : how much are you willing to spend and how much inconvenience can you take versus how serious an attack do you need to be secure against . Is your house built with bank vault doors and walls and floor and ceiling ?
Does the door have a lock anyway ?</tokentext>
<sentencetext>Bullshit. All security is breakable - given enough time and money.
So all security is just a trade-off: how much are you willing to spend and how much inconvenience can you take versus how serious an attack do you need to be secure against. Is your house built with bank vault doors and walls and floor and ceiling?
Does the door have a lock anyway?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073802</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31075010</id>
	<title>Translation:</title>
	<author>Theodore</author>
	<datestamp>1265742540000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>The Trusted Computing Group, which sets standards on TPM chips, called the attack "exceedingly difficult to replicate in a real-world environment."</p><p>Which means there will be a GPU app for it in a week, a device on thinkgeek that also turns off every TV in a tactical area in 2 weeks, and a breakout board from sparkfun in 3 weeks.</p></htmltext>
<tokenext>The Trusted Computing Group , which sets standards on TPM chips , called the attack " exceedingly difficult to replicate in a real-world environment . "
Which means there will be a GPU app for it in a week , a device on thinkgeek that also turns off every TV in a tactical area in 2 weeks , and a breakout board from sparkfun in 3 weeks .</tokentext>
<sentencetext>The Trusted Computing Group, which sets standards on TPM chips, called the attack "exceedingly difficult to replicate in a real-world environment."
Which means there will be a GPU app for it in a week, a device on thinkgeek that also turns off every TV in a tactical area in 2 weeks, and a breakout board from sparkfun in 3 weeks.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31076424</id>
	<title>Re:surprise surprise</title>
	<author>GameboyRMH</author>
	<datestamp>1265747280000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>The problem is that people may rely on TPM to keep data on a stolen laptop safe. For example Microsoft's BitLocker encryption can store the key on the TPM module (it can even use the TPM module alone, so that no user input is required to boot). Once the key is retrieved from the TPM module the disk contents will be accessible (depending on the authentication mode).</p><p><a href="http://en.wikipedia.org/wiki/BitLocker_Drive_Encryption#Overview" title="wikipedia.org">http://en.wikipedia.org/wiki/BitLocker_Drive_Encryption#Overview</a> [wikipedia.org]</p></htmltext>
<tokenext>The problem is that people may rely on TPM to keep data on a stolen laptop safe .
For example Microsoft 's BitLocker encryption can store the key on the TPM module ( it can even use the TPM module alone , so that no user input is required to boot ) .
Once the key is retrieved from the TPM module the disk contents will be accessible ( depending on the authentication mode ) . http : //en.wikipedia.org/wiki/BitLocker_Drive_Encryption # Overview [ wikipedia.org ]</tokentext>
<sentencetext>The problem is that people may rely on TPM to keep data on a stolen laptop safe.
For example Microsoft's BitLocker encryption can store the key on the TPM module (it can even use the TPM module alone, so that no user input is required to boot).
Once the key is retrieved from the TPM module the disk contents will be accessible (depending on the authentication mode). http://en.wikipedia.org/wiki/BitLocker_Drive_Encryption#Overview [wikipedia.org]</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074282</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074282</id>
	<title>Re:surprise surprise</title>
	<author>Jeremy Erwin</author>
	<datestamp>1265739660000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p><div class="quote"><p>'near impossible'. Shouldn't that be 'near inevitable'?</p></div><p>No. Consider a strongbox. The best strongboxes, or safes are rated to withstand X minutes of attacking with Y Tools, with the idea being that within those X minutes, the security guards or the police will have responded and arrested the guy patiently drilling holes in the wall. Even though safes have been successfully manipulated, drilled, pried, lanced, or detonated, manufacturers still design strongboxes to thwart burglars, changing locks, adding glass discs, experimenting with new alloys, new shapes, and so on. Inevitably, some thieves will figure out a way to thwart these safeguards, and design begins anew.</p><p>It's not as if the burglars have won, and burglary safes are a quaint anachronism.</p><p>The TPM should give administrators time to disable credentials in the case of a stolen laptop. But "secret forever" was and probably shall ever remain a pipe dream.</p></div>
	</htmltext>
<tokenext>'near impossible' .
Should n't that be 'near inevitable ' ? No .
Consider a strongbox .
The best strongboxes , or safes are rated to withstand X minutes of attacking with Y Tools , with the idea being that within those X minutes , the security guards or the police will have responded and arrested the guy patiently drilling holes in the wall .
Even though safes have been successfully manipulated , drilled , pried , lanced , or detonated , manufacturers still design strongboxes to thwart burglars , changing locks , adding glass discs , experimenting with new alloys , new shapes , and so on .
Inevitably , some thieves will figure out a way to thwart these safeguards , and design begins anew . It 's not as if the burglars have won , and burglary safes are a quaint anachronism . The TPM should give administrators time to disable credentials in the case of a stolen laptop .
But " secret forever " was and probably shall ever remain a pipe dream .</tokentext>
<sentencetext>'near impossible'.
Shouldn't that be 'near inevitable'? No.
Consider a strongbox.
The best strongboxes, or safes are rated to withstand X minutes of attacking with Y Tools, with the idea being that within those X minutes, the security guards or the police will have responded and arrested the guy patiently drilling holes in the wall.
Even though safes have been successfully manipulated, drilled, pried, lanced, or detonated, manufacturers still design strongboxes to thwart burglars, changing locks, adding glass discs, experimenting with new alloys, new shapes, and so on.
Inevitably, some thieves will figure out a way to thwart these safeguards, and design begins anew. It's not as if the burglars have won, and burglary safes are a quaint anachronism. The TPM should give administrators time to disable credentials in the case of a stolen laptop.
But "secret forever" was and probably shall ever remain a pipe dream.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073678</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31077104</id>
	<title>Re:Yeah, this is going to be a major problem...</title>
	<author>bill_mcgonigle</author>
	<datestamp>1265706660000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><i>If the attacker has this much physical access to your system/data then you've lost LONG before the TPM chip failed.</i></p><p>It's not about winning or losing, it's about how long it takes to play the game.</p></htmltext>
<tokenext>If the attacker has this much physical access to your system/data then you 've lost LONG before the TPM chip failed . It 's not about winning or losing , it 's about how long it takes to play the game .</tokentext>
<sentencetext>If the attacker has this much physical access to your system/data then you've lost LONG before the TPM chip failed. It's not about winning or losing, it's about how long it takes to play the game.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073842</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074296</id>
	<title>Re:Difficult?</title>
	<author>jpmorgan</author>
	<datestamp>1265739720000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>And you'd think posters would try reading the article before sounding smarmy and dismissing the abilities of others. Funny that.</p><p>Given that the first step of the "attack" is physically dissolving the chip's outer packaging in an acid bath... I'm guessing this won't be showing up in script-kiddie toolchains any time soon.</p></htmltext>
<tokenext>And you 'd think posters would try reading the article before sounding smarmy and dismissing the abilities of others .
Funny that . Given that the first step of the " attack " is physically dissolving the chip 's outer packaging in an acid bath... I 'm guessing this wo n't be showing up in script-kiddie toolchains any time soon .</tokentext>
<sentencetext>And you'd think posters would try reading the article before sounding smarmy and dismissing the abilities of others.
Funny that. Given that the first step of the "attack" is physically dissolving the chip's outer packaging in an acid bath... I'm guessing this won't be showing up in script-kiddie toolchains any time soon.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073938</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074492</id>
	<title>Re:When will they learn</title>
	<author>nedlohs</author>
	<datestamp>1265740620000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Except that almost the entire reason for a TPM chip is to secure against those with physical access. So you can't just declare that physical access invalidates it.</p></htmltext>
<tokenext>Except that almost the entire reason for a TPM chip is to secure against those with physical access .
So you ca n't just declare that physical access invalidates it .</tokentext>
<sentencetext>Except that almost the entire reason for a TPM chip is to secure against those with physical access.
So you can't just declare that physical access invalidates it.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073974</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073942</id>
	<title>Does anyone know if this leads to a soft-hack</title>
	<author>DarkOx</author>
	<datestamp>1265738400000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>So he did this by accessing the information in the chip's protected storage.  Now that he has done this does it let us get at the set of possible keys or anything that would allow a software solution to defeating these things?</p></htmltext>
<tokenext>So he did this by accessing the information in the chip 's protected storage .
Now that he has done this does it let us get at the set of possible keys or anything that would allow a software solution to defeating these things ?</tokentext>
<sentencetext>So he did this by accessing the information in the chip's protected storage.
Now that he has done this does it let us get at the set of possible keys or anything that would allow a software solution to defeating these things?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31076116</id>
	<title>Re:When will they learn</title>
	<author>Demonantis</author>
	<datestamp>1265746080000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I realize that I am being pedantic with this, but you are incorrect. If the encryption has perfect entropy then it is for lack of a better word flawless. Mind you it is challenging to implement in most cases and has other security concerns beyond the encryption. One-time pads do this because the values used for encryption are never repeated so the output has no consistencies to work from. I think it was only significantly implemented once between the US and Russia during the cold war. The important part of this article is how proprietary designs allowed a company to sell its product for safer than they actually knew it was. Encryption should have tool time ratings just like safes do.</htmltext>
<tokenext>I realize that I am being pedantic with this , but you are incorrect .
If the encryption has perfect entropy then it is for lack of a better word flawless .
Mind you it is challenging to implement in most cases and has other security concerns beyond the encryption .
One-time pads do this because the values used for encryption are never repeated so the output has no consistencies to work from .
I think it was only significantly implemented once between the US and Russia during the cold war .
The important part of this article is how proprietary designs allowed a company to sell its product for safer than they actually knew it was .
Encryption should have tool time ratings just like safes do .</tokentext>
<sentencetext>I realize that I am being pedantic with this, but you are incorrect.
If the encryption has perfect entropy then it is for lack of a better word flawless.
Mind you it is challenging to implement in most cases and has other security concerns beyond the encryption.
One-time pads do this because the values used for encryption are never repeated so the output has no consistencies to work from.
I think it was only significantly implemented once between the US and Russia during the cold war.
The important part of this article is how proprietary designs allowed a company to sell its product for safer than they actually knew it was.
Encryption should have tool time ratings just like safes do.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074008</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074686</id>
	<title>TPM scares me</title>
	<author>Anonymous</author>
	<datestamp>1265741340000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I remember years ago when ThinkPads introduced TPM chips there were engineers rattling off a long list of attacks the chips were not designed to protect against.  Yes someone hacked it (with a needle?!??!?) but it's like having your way with unencrypted and non-identity protected MS SMB protocols... You can demonstrate it and oooh an audience at Defcon but everyone who mattered already knew it could be done anyway.</p><p>My problem with the technology is not that it needs to have explosives built into the casing when people start sticking pins or put EM probes in the vicinity the IC instantly vaporizes.  While that would certainly be cool it's more of a basic question - what is the problem that TPM is trying to solve?  Who does TPM protect what from?</p><p>Let's take the full disk encryption scenario for example.  If you really care about your data you'll cheerfully input a novel passphrase each and every time the computer boots to gain access without question and make sure the memory is wiped and placed in a secure vault :) when the computer is not under your direct supervision.</p><p>There's too much entropy in the key to make a brute force attack feasible so you're just as safe as any other way of producing a master encryption key.  If your computer is stolen just get another one and plop in a backup disk you've been keeping on the shelf and go on your merry way.  The thief gets new hardware and none of your data.</p><p>How does a TPM make this scenario any better?  It may make key management and rotation easier and more secure, it may protect components of the hardware from their owners..etc.  But when you look at the basic equation if the TPM goes south or the computer dies then your data is now SOL because you can't access it.  
The management function of TPM is a tradeoff and IMHO not a good -- perhaps it's necessary for general purpose use.</p><p>Use of TPM is better than morons using low entropy fingerprints to log into their computers but at the end of the day in my view the technology seems to be answering the wrong question anyway.</p></htmltext>
<tokenext>I remember years ago when ThinkPads introduced TPM chips there were engineers rattling off a long list of attacks the chips were not designed to protect against .
Yes someone hacked it ( with a needle ? ! ? ? ! ?
) but it 's like having your way with unencrypted and non-identity protected MS SMB protocols... You can demonstrate it and oooh an audience at Defcon but everyone who mattered already knew it could be done anyway . My problem with the technology is not that it needs to have explosives built into the casing when people start sticking pins or put EM probes in the vicinity the IC instantly vaporizes .
While that would certainly be cool it 's more of a basic question - what is the problem that TPM is trying to solve ?
Who does TPM protect what from ? Let 's take the full disk encryption scenario for example .
If you really care about your data you 'll cheerfully input a novel passphrase each and every time the computer boots to gain access without question and make sure the memory is wiped and placed in a secure vault : ) when the computer is not under your direct supervision . There 's too much entropy in the key to make a brute force attack feasible so you 're just as safe as any other way of producing a master encryption key .
If your computer is stolen just get another one and plop in a backup disk you 've been keeping on the shelf and go on your merry way .
The thief gets new hardware and none of your data . How does a TPM make this scenario any better ?
It may make key management and rotation easier and more secure , it may protect components of the hardware from their owners..etc .
But when you look at the basic equation if the TPM goes south or the computer dies then your data is now SOL because you ca n't access it .
The management function of TPM is a tradeoff and IMHO not a good -- perhaps it 's necessary for general purpose use . Use of TPM is better than morons using low entropy fingerprints to log into their computers but at the end of the day in my view the technology seems to be answering the wrong question anyway .</tokentext>
<sentencetext>I remember years ago when ThinkPads introduced TPM chips there were engineers rattling off a long list of attacks the chips were not designed to protect against.
Yes someone hacked it (with a needle?!??!?
) but it's like having your way with unencrypted and non-identity protected MS SMB protocols... You can demonstrate it and oooh an audience at Defcon but everyone who mattered already knew it could be done anyway. My problem with the technology is not that it needs to have explosives built into the casing when people start sticking pins or put EM probes in the vicinity the IC instantly vaporizes.
While that would certainly be cool it's more of a basic question - what is the problem that TPM is trying to solve?
Who does TPM protect what from? Let's take the full disk encryption scenario for example.
If you really care about your data you'll cheerfully input a novel passphrase each and every time the computer boots to gain access without question and make sure the memory is wiped and placed in a secure vault :) when the computer is not under your direct supervision. There's too much entropy in the key to make a brute force attack feasible so you're just as safe as any other way of producing a master encryption key.
If your computer is stolen just get another one and plop in a backup disk you've been keeping on the shelf and go on your merry way.
The thief gets new hardware and none of your data. How does a TPM make this scenario any better?
It may make key management and rotation easier and more secure, it may protect components of the hardware from their owners..etc.
But when you look at the basic equation if the TPM goes south or the computer dies then your data is now SOL because you can't access it.
The management function of TPM is a tradeoff and IMHO not a good -- perhaps it's necessary for general purpose use. Use of TPM is better than morons using low entropy fingerprints to log into their computers but at the end of the day in my view the technology seems to be answering the wrong question anyway.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074312</id>
	<title>Re:Maybe it's time to rethink "digital everything"</title>
	<author>mrjb</author>
	<datestamp>1265739780000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>Maybe it's time to greatly reduce our dependency on the digital world to secure trade and state secrets.</p></div></blockquote><p> Make sure to hand in your geek card on the way out.</p></div>
	</htmltext>
<tokenext>Maybe it 's time to greatly reduce our dependency on the digital world to secure trade and state secrets .
Make sure to hand in your geek card on the way out .</tokentext>
<sentencetext>Maybe it's time to greatly reduce our dependency on the digital world to secure trade and state secrets.
Make sure to hand in your geek card on the way out.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074108</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31075480</id>
	<title>When I see "TPM hacked" only one thing comes to me</title>
	<author>JudgeFurious</author>
	<datestamp>1265744040000</datestamp>
	<modclass>Funny</modclass>
	<modscore>2</modscore>
	<htmltext>Somebody fixed The Phantom Menace? I'd like to see that.</htmltext>
<tokenext>Somebody fixed The Phantom Menace ?
I 'd like to see that .</tokentext>
<sentencetext>Somebody fixed The Phantom Menace?
I'd like to see that.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31075894</id>
	<title>Re:surprise surprise</title>
	<author>DarkOx</author>
	<datestamp>1265745420000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>3</modscore>
	<htmltext><p>Right but outside the fire safes you get at home center most safes and strongboxes are designed such that they are difficult to remove from the site.  They may be very heavy requiring equipment to move fastened from the inside etc etc.  In the case of laptops and phones virtually any situation in which this sort of attack will be used is one where the unit's whereabouts are not known to the owner.  Which makes it pretty hard to respond to.  The big sell point on TPM was if your device goes missing it's a brick to whomever finds it; this sorta makes that untrue.</p><p>Yes you make your laptop useless to the typical thief but as far as corporate espionage, government records leaking etc etc; this makes TPM a pretty poor defense.  Yes I realize it's supposed to be one line of defense but when things like the keys to your disk encryption are stored there those remaining lines are not much of a hurdle.</p></htmltext>
<tokenext>Right but outside the fire safes you get at home center most safes and strongboxes are designed such that they are difficult to remove from the site .
They may be very heavy requiring equipment to move fastened from the inside etc etc .
In the case of laptops and phones virtually any situation in which this sort of attack will be used is one where the unit 's whereabouts are not known to the owner .
Which makes it pretty hard to respond to .
The big sell point on TPM was if your device goes missing it 's a brick to whomever finds it ; this sorta makes that untrue . Yes you make your laptop useless to the typical thief but as far as corporate espionage , government records leaking etc etc ; this makes TPM a pretty poor defense .
Yes I realize it 's supposed to be one line of defense but when things like the keys to your disk encryption are stored there those remaining lines are not much of a hurdle .</tokentext>
<sentencetext>Right but outside the fire safes you get at home center most safes and strongboxes are designed such that they are difficult to remove from the site.
They may be very heavy requiring equipment to move fastened from the inside etc etc.
In the case of laptops and phones virtually any situation in which this sort of attack will be used is one where the unit's whereabouts are not known to the owner.
Which makes it pretty hard to respond to.
The big sell point on TPM was if your device goes missing it's a brick to whomever finds it; this sorta makes that untrue. Yes you make your laptop useless to the typical thief but as far as corporate espionage, government records leaking etc etc; this makes TPM a pretty poor defense.
Yes I realize it's supposed to be one line of defense but when things like the keys to your disk encryption are stored there those remaining lines are not much of a hurdle.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074282</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074358</id>
	<title>Create a metal chip enclosure?</title>
	<author>Anonymous</author>
	<datestamp>1265739960000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Obviously this works because it's possible to remove the (plastic/something) filling that the chip is made of and expose its circuitry.</p><p>Would it be possible to cover the circuitry with something that is extremely difficult to remove without also damaging the circuitry? I would guess either something that requires any form of mechanical removal (obviously - glass?), or a less conductive metal alloy. If possible, even that a vital piece made of X is covered by material Y, and vital piece made of Y very very close to it is covered by material X, obviously the bottom layer connected and the top one isolated. Plastic/unconventional semiconductors anyone?</p></htmltext>
<tokenext>Obviously this works because it 's possible to remove the ( plastic/something ) filling that the chip is made of and expose its circuitry . Would it be possible to cover the circuitry with something that is extremely difficult to remove without also damaging the circuitry ?
I would guess either something that requires any form of mechanical removal ( obviously - glass ?
) , or a less conductive metal alloy .
If possible , even that a vital piece made of X is covered by material Y , and vital piece made of Y very very close to it is covered by material X , obviously the bottom layer connected and the top one isolated .
Plastic/unconventional semiconductors anyone ?</tokentext>
<sentencetext>Obviously this works because it's possible to remove the (plastic/something) filling that the chip is made of and expose its circuitry. Would it be possible to cover the circuitry with something that is extremely difficult to remove without also damaging the circuitry?
I would guess either something that requires any form of mechanical removal (obviously - glass?
), or a less conductive metal alloy.
If possible, even that a vital piece made of X is covered by material Y, and vital piece made of Y very very close to it is covered by material X, obviously the bottom layer connected and the top one isolated.
Plastic/unconventional semiconductors anyone?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074960</id>
	<title>Re:When will they learn</title>
	<author>nomadic</author>
	<datestamp>1265742420000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><i>That near impossible = possible = bad security.</i>
<br>
<br>
No, you're completely and utterly wrong.  There is no such thing as perfect security.  The best you can get is "near impossible."  So you're basically saying all security=bad security.</htmltext>
<tokenext>That near impossible = possible = bad security .
No , you 're completely and utterly wrong .
There is no such thing as perfect security .
The best you can get is " near impossible . "
So you 're basically saying all security = bad security .</tokentext>
<sentencetext>That near impossible = possible = bad security.
No, you're completely and utterly wrong.
There is no such thing as perfect security.
The best you can get is "near impossible."
So you're basically saying all security=bad security.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073802</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31078144</id>
	<title>Re:tpm?</title>
	<author>osu-neko</author>
	<datestamp>1265710980000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Well, yes.  Those who object to that are not thinking clearly about what kinds of attacks are possible on a password and what various security measures are meant to prevent.  A 20 character password is supposed to slow down brute forcing the hash on the captured password file or the like.  It's no more secure than a six character password on a "gun to the head" attack.  If someone has physical access to my person, they have access to all my passwords, whether I wrote them down in a little black book I keep with me or not.  If I failed to write them down, they need only wave a gun in my general direction and I'll happily write them down for them.  Having them already written down simply saves a bit of time and unpleasantness...</htmltext>
<tokenext>Well , yes .
Those who object to that are not thinking clearly about what kinds of attacks are possible on a password and what various security measures are meant to prevent .
A 20 character password is supposed to slow down brute forcing the hash on the captured password file or the like .
It 's no more secure than a six character password on a " gun to the head " attack .
If someone has physical access to my person , they have access to all my passwords , whether I wrote them down in a little black book I keep with me or not .
If I failed to write them down , they need only wave a gun in my general direction and I 'll happily write them down for them .
Having them already written down simply saves a bit of time and unpleasantness.. .</tokentext>
<sentencetext>Well, yes.
Those who object to that are not thinking clearly about what kinds of attacks are possible on a password and what various security measures are meant to prevent.
A 20 character password is supposed to slow down brute forcing the hash on the captured password file or the like.
It's no more secure than a six character password on a "gun to the head" attack.
If someone has physical access to my person, they have access to all my passwords, whether I wrote them down in a little black book I keep with me or not.
If I failed to write them down, they need only wave a gun in my general direction and I'll happily write them down for them.
Having them already written down simply saves a bit of time and unpleasantness...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31075682</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073834</id>
	<title>Security only buys you time.</title>
	<author>tjstork</author>
	<datestamp>1265738040000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>This one line changes things:</p><p><i>The new attack discovered by Christopher Tarnovsky is difficult to pull off, partly because it requires physical access to a computer. </i></p><p>You can't have a piece of hardware make your data safe forever.  It only needs to be safe for as long as you use it.</p></htmltext>
<tokenext>This one line changes things : The new attack discovered by Christopher Tarnovsky is difficult to pull off , partly because it requires physical access to a computer .
You ca n't have a piece of hardware make your data safe forever .
It only needs to be safe for as long as you use it .</tokentext>
<sentencetext>This one line changes things: The new attack discovered by Christopher Tarnovsky is difficult to pull off, partly because it requires physical access to a computer.
You can't have a piece of hardware make your data safe forever.
It only needs to be safe for as long as you use it.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074128</id>
	<title>Obligatory XKCD</title>
	<author>Voyager529</author>
	<datestamp>1265739120000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p> <a href="http://xkcd.com/538/" title="xkcd.com">http://xkcd.com/538/</a> [xkcd.com] </p><p>If the data is valuable enough to steal a computer and try to hack the TPM chip using acid and needles, then it's valuable enough to threaten the person with the password to divulge it.</p></htmltext>
<tokenext>http : //xkcd.com/538/ [ xkcd.com ] If the data is valuable enough to steal a computer and try to hack the TPM chip using acid and needles , then it 's valuable enough to threaten the person with the password to divulge it .</tokentext>
<sentencetext> http://xkcd.com/538/ [xkcd.com] If the data is valuable enough to steal a computer and try to hack the TPM chip using acid and needles, then it's valuable enough to threaten the person with the password to divulge it.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074578</id>
	<title>The best part...</title>
	<author>Anonymous</author>
	<datestamp>1265740980000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I wish I could remember which senator was screaming his head off to get these put in all computers as a mandate by the U.S. Federal Government.  Just another example of how competent the fed. gov. is and should NOT be trusted to ever tell the populace what they must do!</p></htmltext>
<tokenext>I wish I could remember which senator was screaming his head off to get these put in all computers as a mandate by the U.S. Federal Government .
Just another example of how competent the fed . gov. is and should NOT be trusted to ever tell the populace what they must do !</tokentext>
<sentencetext>I wish I could remember which senator was screaming his head off to get these put in all computers as a mandate by the U.S. Federal Government.
Just another example of how competent the fed. gov. is and should NOT be trusted to ever tell the populace what they must do!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073834</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074068</id>
	<title>Re:"high-skill"</title>
	<author>maxume</author>
	<datestamp>1265738820000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>He dissolved the outside of the chip without destroying the insides, and then he electrically accessed the chip with a needle.</p><p>So, no kidding.</p></htmltext>
<tokenext>He dissolved the outside of the chip without destroying the insides , and then he electrically accessed the chip with a needle . So , no kidding .</tokentext>
<sentencetext>He dissolved the outside of the chip without destroying the insides, and then he electrically accessed the chip with a needle. So, no kidding.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073896</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074090</id>
	<title>Infinitely Improbable == Finitely Probable</title>
	<author>fuzznutz</author>
	<datestamp>1265738940000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>All you need is a good source of Brownian Motion.</htmltext>
<tokenext>All you need is a good source of Brownian Motion .</tokentext>
<sentencetext>All you need is a good source of Brownian Motion.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31075190</id>
	<title>Re:surprise surprise</title>
	<author>Anonymous</author>
	<datestamp>1265743080000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>No. Consider a strongbox. The best strongboxes, or safes are rated to withstand X minutes of attacking with Y Tools, with the idea being that within those X minutes, the security guards or the police will have responded and arrested the guy patiently drilling holes in the wall. Even though safes have been successfully manipulated, drilled, pried, lanced, or detonated, manufacturers still design strongboxes to thwart burglars, changing locks, adding glass discs, experimenting with new alloys, new shapes, and so on. Inevitably, some thieves will figure out a way to thwart these safeguards, and design begins anew.</p></div><p>That design pattern only works, if, once out of a zillion tries, the safe opens and the contents are essentially replicated instantly to everyone on the internet.</p><p>Here is the slashdot car analogy.  It's my car with my car door lock, and I'll do what I want with my precious unique angel of a car.  One in a billion people cracks the lock, and suddenly the entire world has a perfect digital copy of my precious "unique" car.  And they'll do whatever they please with their copy of "my" car.  Ooops.</p></div>
	</htmltext>
<tokenext>No .
Consider a strongbox .
The best strongboxes , or safes are rated to withstand X minutes of attacking with Y Tools , with the idea being that within those X minutes , the security guards or the police will have responded and arrested the guy patiently drilling holes in the wall .
Even though safes have been successfully manipulated , drilled , pried , lanced , or detonated , manufacturers still design strongboxes to thwart burglars , changing locks , adding glass discs , experimenting with new alloys , new shapes , and so on .
Inevitably , some thieves will figure out a way to thwart these safeguards , and design begins anew . That design pattern only works , if , once out of a zillion tries , the safe opens and the contents are essentially replicated instantly to everyone on the internet . Here is the slashdot car analogy .
It 's my car with my car door lock , and I 'll do what I want with my precious unique angel of a car .
One in a billion people cracks the lock , and suddenly the entire world has a perfect digital copy of my precious " unique " car .
And they 'll do whatever they please with their copy of " my " car .
Ooops .</tokentext>
<sentencetext>No.
Consider a strongbox.
The best strongboxes, or safes are rated to withstand X minutes of attacking with Y Tools, with the idea being that within those X minutes, the security guards or the police will have responded and arrested the guy patiently drilling holes in the wall.
Even though safes have been successfully manipulated, drilled, pried, lanced, or detonated, manufacturers still design strongboxes to thwart burglars, changing locks, adding glass discs, experimenting with new alloys, new shapes, and so on.
Inevitably, some thieves will figure out a way to thwart these safeguards, and design begins anew. That design pattern only works, if, once out of a zillion tries, the safe opens and the contents are essentially replicated instantly to everyone on the internet. Here is the slashdot car analogy.
It's my car with my car door lock, and I'll do what I want with my precious unique angel of a car.
One in a billion people cracks the lock, and suddenly the entire world has a perfect digital copy of my precious "unique" car.
And they'll do whatever they please with their copy of "my" car.
Ooops.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074282</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074590</id>
	<title>Re:tpm?</title>
	<author>alvinrod</author>
	<datestamp>1265741040000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>20 character passwords aren't hard if you use a <a href="http://en.wikipedia.org/wiki/Passphrase" title="wikipedia.org">passphrase</a> [wikipedia.org]. They're just as easy to memorize (if not easier) and vastly more secure. The only reason I don't use them for everything is that some online services put a limit on maximum password length. It's not really any harder to type in 20 characters than it is to type in 8 if you're good at typing. I understand that people are lazy, but good security doesn't need to be a string of 20 random characters, numbers, and symbols that are difficult to remember.</htmltext>
<tokenext>20 character passwords are n't hard if you use a passphrase [ wikipedia.org ] .
They 're just as easy to memorize ( if not easier ) and vastly more secure .
The only reason I do n't use them for everything is that some online services put a limit on maximum password length .
It 's not really any harder to type in 20 characters than it is to type in 8 if you 're good at typing .
I understand that people are lazy , but good security does n't need to be a string of 20 random characters , numbers , and symbols that are difficult to remember .</tokentext>
<sentencetext>20 character passwords aren't hard if you use a passphrase [wikipedia.org].
They're just as easy to memorize (if not easier) and vastly more secure.
The only reason I don't use them for everything is that some online services put a limit on maximum password length.
It's not really any harder to type in 20 characters than it is to type in 8 if you're good at typing.
I understand that people are lazy, but good security doesn't need to be a string of 20 random characters, numbers, and symbols that are difficult to remember.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073828</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31076290</id>
	<title>Re:surprise surprise</title>
	<author>Anonymous</author>
	<datestamp>1265746680000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>The TPM should give administrators time to disable credentials in the case of a stolen laptop. But "secret forever" was and probably shall ever remain a pipe dream.</p></div><p>Sure, it can be done.  A One Time Pad offers theoretically perfect encryption, as long as you keep the pad separate from the message, and (as the name implies) only use the pad once.</p><p>Of course, there are many practical and logistical drawbacks to this approach, although if you want to keep something secret, OTP is definitely the way to go.</p></div>
	</htmltext>
<tokenext>The TPM should give administrators time to disable credentials in the case of a stolen laptop .
But " secret forever " was and probably shall ever remain a pipe dream . Sure , it can be done .
A One Time Pad offers theoretically perfect encryption , as long as you keep the pad separate from the message , and ( as the name implies ) only use the pad once . Of course , there are many practical and logistical drawbacks to this approach , although if you want to keep something secret , OTP is definitely the way to go .</tokentext>
<sentencetext>The TPM should give administrators time to disable credentials in the case of a stolen laptop.
But "secret forever" was and probably shall ever remain a pipe dream. Sure, it can be done.
A One Time Pad offers theoretically perfect encryption, as long as you keep the pad separate from the message, and (as the name implies) only use the pad once. Of course, there are many practical and logistical drawbacks to this approach, although if you want to keep something secret, OTP is definitely the way to go.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074282</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074244</id>
	<title>Step 1 - decap the chip without killing it</title>
	<author>sillivalley</author>
	<datestamp>1265739480000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext>While decapping chips is done all the time in failure analysis labs, it isn't easy, and it's even harder if you're trying not to damage the chip (or yourself) in the process.<br> <br>
Decapping usually involves <b>concentrated</b> nitric and/or sulfuric acids.  Temperature control is important.  You want to carefully dissolve the plastic without destroying the lead frame and/or the bonding wires going from the lead frame to the die.  You also want to complete this process without losing any fingers or your eyesight -- <b>highly concentrated</b> acids.  Rinse carefully with deionized water and test to make sure the chip is still functional.<br> <br>
Now you can feed the chip to your electron beam probe, FIB mill, or just take pretty pictures.<br> <br>
Not the kind of thing you're going to do in your kitchen!</htmltext>
<tokenext>While decapping chips is done all the time in failure analysis labs , it is n't easy , and it 's even harder if you 're trying not to damage the chip ( or yourself ) in the process .
Decapping usually involves concentrated nitric and/or sulfuric acids .
Temperature control is important .
You want to carefully dissolve the plastic without destroying the lead frame and/or the bonding wires going from the lead frame to the die .
You also want to complete this process without losing any fingers or your eyesight -- highly concentrated acids .
Rinse carefully with deionized water and test to make sure the chip is still functional .
Now you can feed the chip to your electron beam probe , FIB mill , or just take pretty pictures .
Not the kind of thing you 're going to do in your kitchen !</tokentext>
<sentencetext>While decapping chips is done all the time in failure analysis labs, it isn't easy, and it's even harder if you're trying not to damage the chip (or yourself) in the process.
Decapping usually involves concentrated nitric and/or sulfuric acids.
Temperature control is important.
You want to carefully dissolve the plastic without destroying the lead frame and/or the bonding wires going from the lead frame to the die.
You also want to complete this process without losing any fingers or your eyesight -- highly concentrated acids.
Rinse carefully with deionized water and test to make sure the chip is still functional.
Now you can feed the chip to your electron beam probe, FIB mill, or just take pretty pictures.
Not the kind of thing you're going to do in your kitchen!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31080298</id>
	<title>Re:tpm?</title>
	<author>Anonymous</author>
	<datestamp>1265721120000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>To encrypt something, you must have a 20-character password minimum to get 128-bit key strength.</p></div><p>For anyone wondering, this assumes that your password is generated using a cryptographically secure random generator which outputs in base95 (for the 95 printable ASCII characters).</p><p>If you're using base62 (alphanumeric characters, case sensitive) you need a randomly generated password of 22 characters.</p><p>If using base36 (case insensitive alphanumeric characters) you'd need at least 25 characters in your randomly generated password.</p><p>The critical thing is that your password must be generated using a secure random generator. Otherwise the entropy in your password will be weaker than expected due to patterns/biases people introduce when they keyboard mash their own "random" passwords. For instance, people generally include too many punctuation characters and numbers than you'd normally expect in a secure random password.</p></div>
	</htmltext>
<tokenext>To encrypt something , you must have a 20-character password minimum to get 128-bit key strength . For anyone wondering , this assumes that your password is generated using a cryptographically secure random generator which outputs in base95 ( for the 95 printable ASCII characters ) . If you 're using base62 ( alphanumeric characters , case sensitive ) you need a randomly generated password of 22 characters . If using base36 ( case insensitive alphanumeric characters ) you 'd need at least 25 characters in your randomly generated password . The critical thing is that your password must be generated using a secure random generator .
Otherwise the entropy in your password will be weaker than expected due to patterns/biases people introduce when they keyboard mash their own " random " passwords .
For instance , people generally include too many punctuation characters and numbers than you 'd normally expect in a secure random password .</tokentext>
<sentencetext>To encrypt something, you must have a 20-character password minimum to get 128-bit key strength. For anyone wondering, this assumes that your password is generated using a cryptographically secure random generator which outputs in base95 (for the 95 printable ASCII characters). If you're using base62 (alphanumeric characters, case sensitive) you need a randomly generated password of 22 characters. If using base36 (case insensitive alphanumeric characters) you'd need at least 25 characters in your randomly generated password. The critical thing is that your password must be generated using a secure random generator.
Otherwise the entropy in your password will be weaker than expected due to patterns/biases people introduce when they keyboard mash their own "random" passwords.
For instance, people generally include too many punctuation characters and numbers than you'd normally expect in a secure random password.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073828</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31075452</id>
	<title>Re:Difficult?</title>
	<author>rochberg</author>
	<datestamp>1265743920000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>[...] someone will eventually figure it out and <i>implement software to do it automatically</i> so any script kiddie can do it. Math -- crypto included -- is funny that way.</p></div><p>Did you read the article?  The security of cryptography is based on the lack of an efficient algorithm to do things like factoring large numbers or computing discrete logarithms.  This attack has nothing to do with any of that.  It is about destroying the chip casing and eavesdropping on the circuitry of the hardware.</p></div>
	</htmltext>
<tokenext>[ ... ] someone will eventually figure it out and implement software to do it automatically so any script kiddie can do it .
Math -- crypto included -- is funny that way . Did you read the article ?
The security of cryptography is based on the lack of an efficient algorithm to do things like factoring large numbers or computing discrete logarithms .
This attack has nothing to do with any of that .
It is about destroying the chip casing and eavesdropping on the circuitry of the hardware .</tokentext>
<sentencetext>[...] someone will eventually figure it out and implement software to do it automatically so any script kiddie can do it.
Math -- crypto included -- is funny that way. Did you read the article?
The security of cryptography is based on the lack of an efficient algorithm to do things like factoring large numbers or computing discrete logarithms.
This attack has nothing to do with any of that.
It is about destroying the chip casing and eavesdropping on the circuitry of the hardware.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073938</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31079594</id>
	<title>Re:tpm?</title>
	<author>shentino</author>
	<datestamp>1265716920000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Aha, there's a weakness right there.</p><p>Just like someone can use a gun to force you to give up the PIN on your card...</p><p>Besides, what good is having a 20 character password if a 5 or 7 character password can unlock it?</p></htmltext>
<tokenext>Aha , there 's a weakness right there . Just like someone can use a gun to force you to give up the PIN on your card ... Besides , what good is having a 20 character password if a 5 or 7 character password can unlock it ?</tokentext>
<sentencetext>Aha, there's a weakness right there. Just like someone can use a gun to force you to give up the PIN on your card... Besides, what good is having a 20 character password if a 5 or 7 character password can unlock it?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073828</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31075716</id>
	<title>Re:Obligatory XKCD</title>
	<author>Simetrical</author>
	<datestamp>1265744820000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p><div class="quote"><p> <a href="http://xkcd.com/538/" title="xkcd.com">http://xkcd.com/538/</a> [xkcd.com] </p><p>If the data is valuable enough to steal a computer and try to hack the TPM chip using acid and needles, then it's valuable enough to threaten the person with the password to divulge it.</p></div><p>Do you think China would be willing to steal a laptop with US state secrets on it?  Definitely.  Would they be willing to kidnap and torture the military officer or NSA employee who knows the password?  Not a chance &ndash; that's an act of war.

</p><p>(And no one but a foreign government would put this much effort into retrieving data from a computer.  Anything short of state secrets is not worth the effort.)</p></div>
	</htmltext>
<tokenext>http : //xkcd.com/538/ [ xkcd.com ] If the data is valuable enough to steal a computer and try to hack the TPM chip using acid and needles , then it 's valuable enough to threaten the person with the password to divulge it . Do you think China would be willing to steal a laptop with US state secrets on it ?
Definitely. Would they be willing to kidnap and torture the military officer or NSA employee who knows the password ?
Not a chance – that 's an act of war .
( And no one but a foreign government would put this much effort into retrieving data from a computer .
Anything short of state secrets is not worth the effort .
)</tokentext>
<sentencetext> http://xkcd.com/538/ [xkcd.com] If the data is valuable enough to steal a computer and try to hack the TPM chip using acid and needles, then it's valuable enough to threaten the person with the password to divulge it. Do you think China would be willing to steal a laptop with US state secrets on it?
Definitely.  Would they be willing to kidnap and torture the military officer or NSA employee who knows the password?
Not a chance – that's an act of war.
(And no one but a foreign government would put this much effort into retrieving data from a computer.
Anything short of state secrets is not worth the effort.
)
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074128</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31079162</id>
	<title>Re:Step 1 - decap the chip without killing it</title>
	<author>lazyforker</author>
	<datestamp>1265715180000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>Not the kind of thing you're going to do in your kitchen!</p></div><p>You haven't seen my cooking.</p></div>
	</htmltext>
<tokenext>Not the kind of thing you 're going to do in your kitchen ! You have n't seen my cooking .</tokentext>
<sentencetext>Not the kind of thing you're going to do in your kitchen! You haven't seen my cooking.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074244</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073708</id>
	<title>tpm?</title>
	<author>Anonymous</author>
	<datestamp>1265737680000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Can the summary at least explain wtf tpm is?</p></htmltext>
<tokenext>Can the summary at least explain wtf tpm is ?</tokentext>
<sentencetext>Can the summary at least explain wtf tpm is?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31082350</id>
	<title>Re:When will they learn</title>
	<author>Idiomatick</author>
	<datestamp>1265740500000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>"Every password, every encryption key can be brute-forced, given enough time."<br> <br>Not true, plenty of keys will take longer to crack (if you try brute) than it'll take for heat death to destroy the universe. Keys are selected in a manner that is sufficiently safe normally, IE 150yrs w/ current tech (Change the key every year). Sooo......</htmltext>
<tokenext>" Every password , every encryption key can be brute-forced , given enough time . "
Not true , plenty of keys will take longer to crack ( if you try brute ) than it 'll take for heat death to destroy the universe .
Keys are selected in a manner that is sufficiently safe normally , IE 150yrs w/ current tech ( Change the key every year ) .
Sooo..... .</tokentext>
<sentencetext>"Every password, every encryption key can be brute-forced, given enough time."
Not true, plenty of keys will take longer to crack (if you try brute) than it'll take for heat death to destroy the universe.
Keys are selected in a manner that is sufficiently safe normally, IE 150yrs w/ current tech (Change the key every year).
Sooo......</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074008</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31077696</id>
	<title>Re:CHALLENGE TO TARNOVSKY</title>
	<author>imess</author>
	<datestamp>1265709180000</datestamp>
	<modclass>Troll</modclass>
	<modscore>-1</modscore>
	<htmltext><p>Surprisingly similar to another comment here:<br><a href="http://hardware.slashdot.org/comments.pl?sid=1543104&amp;cid=31074352" title="slashdot.org" rel="nofollow">http://hardware.slashdot.org/comments.pl?sid=1543104&amp;cid=31074352</a> [slashdot.org]</p></htmltext>
<tokenext>Surprisingly similar to another comment here : http : //hardware.slashdot.org/comments.pl ? sid = 1543104&amp;cid = 31074352 [ slashdot.org ]</tokentext>
<sentencetext>Surprisingly similar to another comment here: http://hardware.slashdot.org/comments.pl?sid=1543104&amp;cid=31074352 [slashdot.org]</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074352</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31075746</id>
	<title>Wait a minute...</title>
	<author>Anonymous</author>
	<datestamp>1265744940000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p>Why don't you have him just sign something with that public key signature rather than divulging the private key to the world?</p><p>Perhaps a signed copy of the Gutenberg Press release of Aesop's fables???</p><p>
&nbsp; &nbsp; The Eagle and the Arrow</p><p>An Eagle was soaring through the air when suddenly it heard<br>the whizz of an Arrow, and felt itself wounded to death.  Slowly<br>it fluttered down to the earth, with its life-blood pouring out of<br>it.  Looking down upon the Arrow with which it had been pierced,<br>it found that the shaft of the Arrow had been feathered with one<br>of its own plumes.  "Alas!" it cried, as it died,</p><p>"We often give our enemies the means for our own destruction."</p></htmltext>
<tokenext>Why do n't you have him just sign something with that public key signature rather than divulging the private key to the world ? Perhaps a signed copy of the Gutenberg Press release of Aesop 's fables ? ? ?
    The Eagle and the ArrowAn Eagle was soaring through the air when suddenly it heardthe whizz of an Arrow , and felt itself wounded to death .
Slowlyit fluttered down to the earth , with its life-blood pouring out ofit .
Looking down upon the Arrow with which it had been pierced,it found that the shaft of the Arrow had been feathered with oneof its own plumes .
" Alas ! " it cried , as it died , " We often give our enemies the means for our own destruction .
"</tokentext>
<sentencetext>Why don't you have him just sign something with that public key signature rather than divulging the private key to the world?Perhaps a signed copy of the Gutenberg Press release of Aesop's fables???
    The Eagle and the ArrowAn Eagle was soaring through the air when suddenly it heardthe whizz of an Arrow, and felt itself wounded to death.
Slowlyit fluttered down to the earth, with its life-blood pouring out ofit.
Looking down upon the Arrow with which it had been pierced,it found that the shaft of the Arrow had been feathered with oneof its own plumes.
"Alas!" it cried, as it died,"We often give our enemies the means for our own destruction.
"</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074352</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074324</id>
	<title>Unlimited physical access.</title>
	<author>Anonymous</author>
	<datestamp>1265739840000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>This required physical access to the device.  If you have unlimited physical access to any device, digital or analog, you will eventually be able to crack it, assuming you have the available resources.  The key is to keep the bad guys from getting access in the first place, which isn't always possible.  Even the best security has numerous weak points, like the security guards that only make $40K a year, or people that leave their devices unattended in public places.</p><p>Probably best to store all critical information on punch cards and secure them in a burn safe guarded by people that are already multi-millionaires.</p></htmltext>
<tokenext>This required physical access to the device .
If you have unlimited physical access to any device , digital or analog , you will eventually be able to crack it , assuming you have the available resources .
The key is to keep the bad guys from getting access in the first place , which is n't always possible .
Even the best security has numerous weak points , like the security guards that only make $ 40K a year , or people that leave their devices unattended in public places.Probably best to store all critical information on punch cards and secure them in a burn safe guarded by people that are already multi-millionaires .</tokentext>
<sentencetext>This required physical access to the device.
If you have unlimited physical access to any device, digital or analog, you will eventually be able to crack it, assuming you have the available resources.
The key is to keep the bad guys from getting access in the first place, which isn't always possible.
Even the best security has numerous weak points, like the security guards that only make $40K a year, or people that leave their devices unattended in public places.Probably best to store all critical information on punch cards and secure them in a burn safe guarded by people that are already multi-millionaires.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073678</id>
	<title>surprise surprise</title>
	<author>Anonymous</author>
	<datestamp>1265737560000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext><p><i>'near impossible'</i></p><p>Shouldn't that be 'near inevitable'?</p><p><i>Infineon said it knew this type of attack was possible when it was testing its chips.</i></p><p>Did they mention this in their marketing and when selling the TPM FUD to governments and companies?</p><p><i>"exceedingly difficult to replicate in a real-world environment."</i></p><p>Meaning only powerful criminal organizations, companies and governments can probably gather the<br>required resources and people with the expertise to pull it off? Out of 6.8 billion people, how<br>many have the resources to do this? 1000? 10,000? What about in 5 years?<br>At what point will they admit it's flawed?  Probably when TPM2 is fully patented and ready.</p></htmltext>
<tokenext>'near impossible'Should n't that be 'near inevitable ' ? Infineon said it knew this type of attack was possible when it was testing its chips.Did they mention this in their marketing and when selling the TPM FUD to governments and companies ?
" exceedingly difficult to replicate in a real-world environment .
" Meaning only powerful criminal organizations , companies and governments can probably gather therequired resources and people with the expertise to pull it off ?
Out of 6.8 billion people , howmany have the resources to do this ?
1000 ? 10,000 ?
What about in 5 years ? At what point will they admit it 's flawed ?
Probably when TPM2 is fully patented and ready .</tokentext>
<sentencetext>'near impossible'Shouldn't that be 'near inevitable'?Infineon said it knew this type of attack was possible when it was testing its chips.Did they mention this in their marketing and when selling the TPM FUD to governments and companies?
"exceedingly difficult to replicate in a real-world environment.
"Meaning only powerful criminal organizations, companies and governments can probably gather therequired resources and people with the expertise to pull it off?
Out of 6.8 billion people, howmany have the resources to do this?
1000? 10,000?
What about in 5 years? At what point will they admit it's flawed?
Probably when TPM2 is fully patented and ready.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074014</id>
	<title>Re:Yeah, this is going to be a major problem...</title>
	<author>Jeng</author>
	<datestamp>1265738700000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p><div class="quote"><p>If the attacker has this much physical access to your system/data then you've lost LONG before the TPM chip failed.</p></div><p>Yes, such as if the computer was stolen.  I don't know much about TPM, but I would hazard a guess that one of the selling points would be to keep information secure even if the computer it is in gets stolen.</p></div>
	</htmltext>
<tokenext>If the attacker has this much physical access to your system/data then you 've lost LONG before the TPM chip failed.Yes , such as if the computer was stolen .
I do n't know much about TPM , but I would hazard a guess that one of the selling points would be to keep information secure even if the computer it is in gets stolen .</tokentext>
<sentencetext>If the attacker has this much physical access to your system/data then you've lost LONG before the TPM chip failed.Yes, such as if the computer was stolen.
I don't know much about TPM, but I would hazard a guess that one of the selling points would be to keep information secure even if the computer it is in gets stolen.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073842</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31101940</id>
	<title>Re:CHALLENGE TO TARNOVSKY</title>
	<author>Anonymous</author>
	<datestamp>1265915400000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>I've been reading about this hack for days, but something seems fishy. Some of the <a href="http://www.computerworld.com/s/article/9151158/Black\_Hat\_Researcher\_claims\_hack\_of\_chip\_used\_to\_secure\_computers\_smartcards" title="computerworld.com" rel="nofollow">earlier reports</a> [computerworld.com] had him hacking the SLE 66 CL processor chip which is embedded in the TPM, not the TPM itself. This article also describes him as having to work with many copies of the chip to discover its secrets, but it has the chips being inexpensive ones from China. Problem is that Infineon is a German company and I don't think you can get Infineon TPMs cheaply from China. Putting this together, it's not clear to me that he has truly hacked an Infineon TPM. He may have hacked a similar chip and he assumes that the same attack would work on TPM.</p><p>However, there is a way for him to easily prove that he has done what he said. Every Infineon TPM comes with an RSA secret key embedded in it, called the Endorsement Key or EK. This key is designed to be kept secret and never revealed off-chip, not to the computer owner or anyone. And Infineon TPMs also come with an X.509 certificate on the public part of the EK (PUBEK), issued by Infineon. If Tarnovsky has really hacked an Infineon TPM and is able to extract keys, he should be able to extract and publish the private part of the EK (PRIVEK), along with the certificate by Infineon on that key. The mere publication of these two pieces of data (PRIVEK and Infineon-signed X.509 cert on PUBEK) will prove that his claim is true.</p></div><p>go to youtube and search "blackhat 2010" and there are 8 parts to his talk.</p><p>he has hacked the entire family by playing with the xbox and tpm!  e-passports are dead!!!!!</p></div>
	</htmltext>
<tokenext>I 've been reading about this hack for days , but something seems fishy .
Some of the earlier reports [ computerworld.com ] had him hacking the SLE 66 CL processor chip which is embedded in the TPM , not the TPM itself .
This article also describes him as having to work with many copies of the chip to discover its secrets , but it has the chips being inexpensive ones from China .
Problem is that Infineon is a German company and I do n't think you can get Infineon TPMs cheaply from China .
Putting this together , it 's not clear to me that he has truly hacked an Infineon TPM .
He may have hacked a similar chip and he assumes that the same attack would work on TPM.However , there is a way for him to easily prove that he has done what he said .
Every Infineon TPM comes with an RSA secret key embedded in it , called the Endorsement Key or EK .
This key is designed to be kept secret and never revealed off-chip , not to the computer owner or anyone .
And Infineon TPMs also come with an X.509 certificate on the public part of the EK ( PUBEK ) , issued by Infineon .
If Tarnovsky has really hacked an Infineon TPM and is able to extract keys , he should be able to extract and publish the private part of the EK ( PRIVEK ) , along with the certificate by Infineon on that key .
The mere publication of these two pieces of data ( PRIVEK and Infineon-signed X.509 cert on PUBEK ) will prove that his claim is true.go to youtube and search " blackhat 2010 " and there are 8 parts to his talk.he has hacked the entire family by playing with the xbox and tpm !
e-passports are dead ! ! ! !
!</tokentext>
<sentencetext>I've been reading about this hack for days, but something seems fishy.
Some of the earlier reports [computerworld.com] had him hacking the SLE 66 CL processor chip which is embedded in the TPM, not the TPM itself.
This article also describes him as having to work with many copies of the chip to discover its secrets, but it has the chips being inexpensive ones from China.
Problem is that Infineon is a German company and I don't think you can get Infineon TPMs cheaply from China.
Putting this together, it's not clear to me that he has truly hacked an Infineon TPM.
He may have hacked a similar chip and he assumes that the same attack would work on TPM.However, there is a way for him to easily prove that he has done what he said.
Every Infineon TPM comes with an RSA secret key embedded in it, called the Endorsement Key or EK.
This key is designed to be kept secret and never revealed off-chip, not to the computer owner or anyone.
And Infineon TPMs also come with an X.509 certificate on the public part of the EK (PUBEK), issued by Infineon.
If Tarnovsky has really hacked an Infineon TPM and is able to extract keys, he should be able to extract and publish the private part of the EK (PRIVEK), along with the certificate by Infineon on that key.
The mere publication of these two pieces of data (PRIVEK and Infineon-signed X.509 cert on PUBEK) will prove that his claim is true.go to youtube and search "blackhat 2010" and there are 8 parts to his talk.he has hacked the entire family by playing with the xbox and tpm!
e-passports are dead!!!!
!
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074352</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31075882</id>
	<title>"Hacking"?</title>
	<author>rickb928</author>
	<datestamp>1265745360000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>This is hacking like sawing your front door out from the frame is picking the lock.  Yes, they got in.</p><p>Or, perhaps, like coming home from a trip, <a href="http://www.nydailynews.com/news/2009/07/20/2009-07-20\_esteemed\_harvard\_professor\_henry\_louis\_gates\_jr\_arrested\_while\_getting\_into\_his\_.html" title="nydailynews.com">kicking in your front door in Cambridge</a> [nydailynews.com], and having the neighbors watch in amusement.  With any luck, none of them would call 911 and tell the police that someone is busting into  the house next door.  Likewise, you will be losing your PC or notebook, but you will have some time to change your network and online passwords etc, if you're paying attention and not bound and gagged in the cave next door. Your hard drive, however, is fair game.  Truecrypt means never having to say 'what password'?</p><p>And you'll WISH they were the Cambridge police.</p><p>Of course, if they're serious, you're dead already.</p></htmltext>
<tokenext>This is hacking like sawing your front door out from the frame is picking the lock .
Yes , they got in.Or , perhaps , like coming home from a trip , kicking in your front door in Cambridge [ nydailynews.com ] , and having the neighbors watch in amusement .
With any luck , none of them would call 911 and tell the police that someone is busting into the house next door .
Likewise , you will be losing your PC or notebook , but you will have some time to change your network and online passwords etc , if you 're paying attention and not bound and gagged in the cave next door .
Your hard drive , however , is fair game .
Truecrypt means never having to say 'what password ' ? And you 'll WISH they were the Cambridge police.Of course , if they 're serious , you 're dead already .</tokentext>
<sentencetext>This is hacking like sawing your front door out from the frame is picking the lock.
Yes, they got in.Or, perhaps, like coming home from a trip, kicking in your front door in Cambridge [nydailynews.com], and having the neighbors watch in amusement.
With any luck, none of them would call 911 and tell the police that someone is busting into  the house next door.
Likewise, you will be losing your PC or notebook, but you will have some time to change your network and online passwords etc, if you're paying attention and not bound and gagged in the cave next door.
Your hard drive, however, is fair game.
Truecrypt means never having to say 'what password'?And you'll WISH they were the Cambridge police.Of course, if they're serious, you're dead already.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074712</id>
	<title>Re:When will they learn</title>
	<author>Opportunist</author>
	<datestamp>1265741460000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>"Physical access" in the time of PDAs, smartphones and laptops? Hardly a challenge.</p><p>Also don't forget that security is often also a matter of trust. If something is trusted to be "secure", additional layers of security are often ignored because THIS cannot be the leak, so we needn't add more security. I wouldn't deem it impossible that sensitive data may be stored on a TPM protected device because it is "impossible" to break it open, something that would certainly not be permitted if the device was not trusted.</p></htmltext>
<tokenext>" Physical access " in the time of PDAs , smartphones and laptops ?
Hardly a challenge.Also do n't forget that security is often also a matter of trust .
If something is trusted to be " secure " , additional layers of security are often ignored because THIS can not be the leak , so we need n't add more security .
I would n't deem it impossible that sensitive data may be stored on a TPM protected device because it is " impossible " to break it open , something that would certainly not be permitted if the device was not trusted .</tokentext>
<sentencetext>"Physical access" in the time of PDAs, smartphones and laptops?
Hardly a challenge.Also don't forget that security is often also a matter of trust.
If something is trusted to be "secure", additional layers of security are often ignored because THIS cannot be the leak, so we needn't add more security.
I wouldn't deem it impossible that sensitive data may be stored on a TPM protected device because it is "impossible" to break it open, something that would certainly not be permitted if the device was not trusted.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073974</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073896</id>
	<title>"high-skill"</title>
	<author>mdm-adph</author>
	<datestamp>1265738220000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><i>"But the company said independent tests determined that the hack would require such a high skill level that there was a limited chance of it affecting many users."</i></p><p>You're kidding me, right?</p></htmltext>
<tokenext>" But the company said independent tests determined that the hack would require such a high skill level that there was a limited chance of it affecting many users .
" You 're kidding me , right ?</tokentext>
<sentencetext>"But the company said independent tests determined that the hack would require such a high skill level that there was a limited chance of it affecting many users.
"You're kidding me, right?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073872</id>
	<title>Am I getting old?</title>
	<author>jtownatpunk.net</author>
	<datestamp>1265738160000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>When I saw TPM, the first thing I thought of was the CP/M variant that came with the Epson QX-10.</p></htmltext>
<tokenext>When I saw TPM , the first thing I thought of was the CP/M variant that came with the Epson QX-10 .</tokentext>
<sentencetext>When I saw TPM, the first thing I thought of was the CP/M variant that came with the Epson QX-10.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074266</id>
	<title>Re:Difficult?</title>
	<author>Monkeedude1212</author>
	<datestamp>1265739600000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>This is a hardware hack (see title).</p><p>In order to hack it, you need to do some stuff with your hands, you need the physical device. You can't hand this to a script kiddie and he'll be breaking into the NSA in no time.</p><p>I don't think it's Infineon's responsibility for this "vulnerability" at all. You'd need to be someone within the same field as Christopher Tarnovsky, and someone with roughly as much knowledge. If you don't know who he is, look him up. He is pretty much at the top of his field.</p><p>This is like how your house is vulnerable because the lock on the front door can be picked by a lockpicking expert or locksmith. Yet - no one is complaining.</p></htmltext>
<tokenext>This is a hardware hack ( see title ) .In order to hack it , you need to do some stuff with your hands , you need the physical device .
You ca n't hand this to a script kiddie and he 'll be breaking into the NSA in no time . I do n't think it 's Infineon 's responsibility for this " vulnerability " at all .
You 'd need to be someone within the same field as Christopher Tarnovsky , and someone with roughly as much knowledge .
If you do n't know who he is , look him up .
He is pretty much at the top of his field.This is like how your house is vulnerable because the lock on the front door can be picked by a lockpicking expert or locksmith .
Yet - no one is complaining .</tokentext>
<sentencetext>This is a hardware hack (see title).In order to hack it, you need to do some stuff with your hands, you need the physical device.
You can't hand this to a script kiddie and he'll be breaking into the NSA in no time. I don't think it's Infineon's responsibility for this "vulnerability" at all.
You'd need to be someone within the same field as Christopher Tarnovsky, and someone with roughly as much knowledge.
If you don't know who he is, look him up.
He is pretty much at the top of his field.This is like how your house is vulnerable because the lock on the front door can be picked by a lockpicking expert or locksmith.
Yet - no one is complaining.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073938</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31076898</id>
	<title>Re:When will they learn</title>
	<author>Anonymous</author>
	<datestamp>1265706000000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>A 100% secure method does not exist in real life.</htmltext>
<tokenext>A 100 % secure method does not exist in real life .</tokentext>
<sentencetext>A 100% secure method does not exist in real life.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073802</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31078730</id>
	<title>Re:Infinitely Improbable == Finitely Probable</title>
	<author>Physics Dude</author>
	<datestamp>1265713200000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>No. Actually, that was Virtual Impossibility == Finite Improbability.</htmltext>
<tokenext>No .
Actually , that was Virtual Impossibility = = Finite Improbability .</tokentext>
<sentencetext>No.
Actually, that was Virtual Impossibility == Finite Improbability.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074090</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074178</id>
	<title>It does not matter how hard it was/is.</title>
	<author>Yaa 101</author>
	<datestamp>1265739300000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>It does not matter how hard it was/is.</p><p>This message of success will assure that many other outfits will have a try at it for various reasons.</p><p>It's the proverbial ghost out of the bottle.</p></htmltext>
<tokenext>It does not matter how hard it was/is.This message of success will assure that many other outfits will have a try at it for various reasons.It 's the proverbial ghost out of the bottle .</tokentext>
<sentencetext>It does not matter how hard it was/is.This message of success will assure that many other outfits will have a try at it for various reasons.It's the proverbial ghost out of the bottle.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074978</id>
	<title>Re:Yeah, this is going to be a major problem...</title>
	<author>Anonymous</author>
	<datestamp>1265742480000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Forget putting acid on the chip to get the passwords, just put acid on the owner til he gives you the password. Probably need a lot less acid that way.</p></htmltext>
<tokenext>Forget putting acid on the chip to get the passwords , just put acid on the owner til he gives you the password .
Probably need a lot less acid that way .</tokentext>
<sentencetext>Forget putting acid on the chip to get the passwords, just put acid on the owner til he gives you the password.
Probably need a lot less acid that way.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074014</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073802</id>
	<title>When will they learn</title>
	<author>santax</author>
	<datestamp>1265737920000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>1</modscore>
	<htmltext>That near impossible = possible = bad security.
The arrogance to think they are soooo smart and (almost) no-one will be able to crack their design. Well it only takes 1 person. But I am guessing about every secret service in the world already knew how to do this attack.</htmltext>
<tokenext>That near impossible = possible = bad security .
The arrogance to think they are soooo smart and ( almost ) no-one will be able to crack their design .
Well it only takes 1 person .
But I am guessing about every secret service in the world already knew how to do this attack .</tokentext>
<sentencetext>That near impossible = possible = bad security.
The arrogance to think they are soooo smart and (almost) no-one will be able to crack their design.
Well it only takes 1 person.
But I am guessing about every secret service in the world already knew how to do this attack.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31102090</id>
	<title>TPM, X360, E-PASSPORT are all hacked now</title>
	<author>Anonymous</author>
	<datestamp>1265916000000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>To clarify-</p><p>Youtube search for "blackhat 2010" and watch his 8 part videos they posted everything.</p><p>This chip covers:</p><p>Xbox360<br>TPM<br>E-PASSPORTS   -------- this is the one everyone should care about.</p><p>Medical cards<br>Conditional access (think sat tv)</p><p>and the list goes on!</p><p>he didn't need to crack open any computers, he bought the parts on tape-n-reel from hkinventory.com</p><p>regards</p></htmltext>
<tokenext>To clarify-Youtube search for " blackhat 2010 " and watch his 8 part videos they posted everything.This chip covers : Xbox360TPME-PASSPORTS -------- this is the one everyone should care about.Medical cardsConditional access ( think sat tv ) and the list goes on ! he did n't need to crack open any computers , he bought the parts on tape-n-reel from hkinventory.comregards</tokentext>
<sentencetext>To clarify-Youtube search for "blackhat 2010" and watch his 8 part videos they posted everything.This chip covers:Xbox360TPME-PASSPORTS   -------- this is the one everyone should care about.Medical cardsConditional access (think sat tv)and the list goes on!he didn't need to crack open any computers, he bought the parts on tape-n-reel from hkinventory.comregards</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073842</id>
	<title>Yeah, this is going to be a major problem...</title>
	<author>Admiralbumblebee</author>
	<datestamp>1265738040000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext>FTA "Using off-the-shelf chemicals, Tarnovsky soaked chips in acid to dissolve their hard outer shells. Then he applied rust remover to help take off layers of mesh wiring, to expose the chips' cores. From there, he had to find the right communication channels to tap into using a very small needle."

<br>
<br>


If the attacker has this much physical access to your system/data then you've lost LONG before the TPM chip failed.</htmltext>
<tokenext>FTA " Using off-the-shelf chemicals , Tarnovsky soaked chips in acid to dissolve their hard outer shells .
Then he applied rust remover to help take off layers of mesh wiring , to expose the chips ' cores .
From there , he had to find the right communication channels to tap into using a very small needle .
" If the attacker has this much physical access to your system/data then you 've lost LONG before the TPM chip failed .</tokentext>
<sentencetext>FTA "Using off-the-shelf chemicals, Tarnovsky soaked chips in acid to dissolve their hard outer shells.
Then he applied rust remover to help take off layers of mesh wiring, to expose the chips' cores.
From there, he had to find the right communication channels to tap into using a very small needle.
"





If the attacker has this much physical access to your system/data then you've lost LONG before the TPM chip failed.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074012</id>
	<title>Re:When will they learn</title>
	<author>Anonymous</author>
	<datestamp>1265738700000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>That's just ignorance. No attack against security is impossible to achieve. Per your silly little argument, that means all security is bad security.</p><p>Security is risk management. If a 'near impossible' attack costs an attacker $1000 to perform, then it's perfectly safe for me to store data that's only worth $999 to the attacker under protection vulnerable to that attack.</p><p>This attack requires physical access to the chip, and skill in chemically eroding the case of the chip to expose the guts of the chip.</p><p>That doesn't equate to bad security.</p></htmltext>
<tokenext>That 's just ignorance .
No attack against security is impossible to achieve .
Per your silly little argument , that means all security is bad security.Security is risk management .
If a 'near impossible ' attack costs an attacker $ 1000 to perform , then it 's perfectly safe for me to store data that 's only worth $ 999 to the attacker under protection vulnerable to that attack.This attack requires physical access to the chip , and skill in chemically eroding the case of the chip to expose the guts of the chip.That does n't equate to bad security .</tokentext>
<sentencetext>That's just ignorance.
No attack against security is impossible to achieve.
Per your silly little argument, that means all security is bad security. Security is risk management.
If a 'near impossible' attack costs an attacker $1000 to perform, then it's perfectly safe for me to store data that's only worth $999 to the attacker under protection vulnerable to that attack. This attack requires physical access to the chip, and skill in chemically eroding the case of the chip to expose the guts of the chip. That doesn't equate to bad security.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073802</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074462</id>
	<title>Re:When will they learn</title>
	<author>rwiggers</author>
	<datestamp>1265740500000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Do you REALLY consider any form of encryption as impossible to crack? I'd say all of them are a matter of time.</p></htmltext>
<tokenext>Do you REALLY consider any form of encryption as impossible to crack ?
I 'd say all of them are a matter of time .</tokentext>
<sentencetext>Do you REALLY consider any form of encryption as impossible to crack?
I'd say all of them are a matter of time.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073802</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074148</id>
	<title>Re:When will they learn</title>
	<author>santax</author>
	<datestamp>1265739180000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>The best spies in the world had physical access to hardware which they were trusted to. But not to all the information on that computer. Now that goes for governments, but if you're telling me that your mobile, your laptop and your home-pc are always in your sights... and that no-one can open your locks undamaged. Well chapeau to you, but I wouldn't believe you.

This is a hack. This is how the spy-business works.</htmltext>
<tokenext>The best spies in the world had physical access to hardware which they were trusted to .
But not to all the information on that computer .
Now that goes for governments , but if you 're telling me that your mobile , your laptop and your home-pc are always in your sights... and that no-one can open your locks undamaged .
Well chapeau to you , but I would n't believe you .
This is a hack .
This is how the spy-business works .</tokentext>
<sentencetext>The best spies in the world had physical access to hardware which they were trusted to.
But not to all the information on that computer.
Now that goes for governments, but if you're telling me that your mobile, your laptop and your home-pc are always in your sights... and that no-one can open your locks undamaged.
Well chapeau to you, but I wouldn't believe you.
This is a hack.
This is how the spy-business works.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073974</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074800</id>
	<title>Re:Does anyone know if this leads to a soft-hack</title>
	<author>zelbinion</author>
	<datestamp>1265741760000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><p>Actually, most likely the keys stored inside the chip's non-volatile memory are probably encrypted, just to prevent that sort of attack.</p><p>I worked with similar technology in a previous job.  When Tarnovsky said "This chip is mean, man - it's like a ticking time bomb if you don't do something right,"</p><p>My guess is he wasn&rsquo;t kidding.  These sorts of chips have all sorts of counter measures to make this sort of attack difficult.  The algorithms built into the circuits on the chip are designed to make eavesdropping hard.  You can send different commands to the chip, and ask it to decode different amounts of data, but it will intentionally insert randomness into the time and number of operations to do the work to prevent you from gleaning information about what is going on inside the chip.  I&rsquo;m sure there are circuits that do nothing other than generate spurious electrical impulses so that trying to sense what the chip is doing remotely won&rsquo;t work.  The only way to even attempt an attack like this is to do what Tarnovsky did, and strip off the packaging.  Assuming you didn&rsquo;t just destroy it, even then you aren&rsquo;t home free.  I&rsquo;m sure there are other safe guards built into the chips.  Oh, did the voltage drop just now across that one circuit?  That&rsquo;s probably an attack &ndash; the chip just deleted the keys you were trying to recover and is now useless.  Did that operation take too long because someone hooked up their own custom circuit in an attempt to decode what was going on?  Yeah, that&rsquo;s out too; bye bye secret keys.  Interrupt the power to the key storage area for a nanosecond while you try to connect your probe?  I&rsquo;m sorry, you&rsquo;re done.  Did you just read out the data out of the protected storage out of sequence?  
Well, not only is that data encrypted (and therefore useless), the chip detected it, and intentionally burned out a small inaccessible fuse buried inside the chip and bricked itself.  You&rsquo;re done.  Did you just inject an internal command with your probe that wasn't expected?  Yep, you just blew another fuse.  Go home.</p><p>You have to connect your probes in exactly the right place, in exactly the right way, and not disturb the electrical properties of the circuit you tapped into to prevent the chip from knowing that you are there and triggering a counter-measure.</p><p>I don&rsquo;t know which counter measures the TPM modules from Infineon implement, but if they are current with the sort of technology out there, this hack was really really super damn hard.</p><p>Sure, with enough time, money, skill, patience, and physical access to the machine, anything can eventually be broken.  The idea of the TPM was to make it expensive enough to hack that the average thief won&rsquo;t bother.  If you are relying on a TPM only to protect secrets on a mobile device (which can be stolen and then hacked by a well funded company or government) you either deserve what you got, or you&rsquo;ve made way too many well funded and motivated enemies.</p></htmltext>
<tokenext>Actually , most likely the keys stored inside the chip 's non-volatile memory are probably encrypted , just to prevent that sort of attack . I worked with similar technology in a previous job .
When Tarnovsky said " This chip is mean , man - it 's like a ticking time bomb if you do n't do something right , " My guess is he was n't kidding .
These sorts of chips have all sorts of counter measures to make this sort of attack difficult .
The algorithms built into the circuits on the chip are designed to make eavesdropping hard .
You can send different commands to the chip , and ask it to decode different amounts of data , but it will intentionally insert randomness into the time and number of operations to do the work to prevent you from gleaning information about what is going on inside the chip .
I 'm sure there are circuits that do nothing other than generate spurious electrical impulses so that trying to sense what the chip is doing remotely wo n't work .
The only way to even attempt an attack like this is to do what Tarnovsky did , and strip off the packaging .
Assuming you did n't just destroy it , even then you are n't home free .
I 'm sure there are other safe guards built into the chips .
Oh , did the voltage drop just now across that one circuit ?
That 's probably an attack – the chip just deleted the keys you were trying to recover and is now useless .
Did that operation take too long because someone hooked up their own custom circuit in an attempt to decode what was going on ?
Yeah , that 's out too ; bye bye secret keys . Interrupt the power to the key storage area for a nanosecond while you try to connect your probe ?
I 'm sorry , you 're done .
Did you just read out the data out of the protected storage out of sequence ?
Well , not only is that data encrypted ( and therefore useless ) , the chip detected it , and intentionally burned out a small inaccessible fuse buried inside the chip and bricked itself .
You 're done .
Did you just inject an internal command with your probe that was n't expected ?
Yep , you just blew another fuse .
Go home . You have to connect your probes in exactly the right place , in exactly the right way , and not disturb the electrical properties of the circuit you tapped into to prevent the chip from knowing that you are there and triggering a counter-measure . I do n't know which counter measures the TPM modules from Infineon implement , but if they are current with the sort of technology out there , this hack was really really super damn hard . Sure , with enough time , money , skill , patience , and physical access to the machine , anything can eventually be broken .
The idea of the TPM was to make it expensive enough to hack that the average thief wo n't bother .
If you are relying on a TPM only to protect secrets on a mobile device ( which can be stolen and then hacked by a well funded company or government ) you either deserve what you got , or you 've made way too many well funded and motivated enemies .</tokentext>
<sentencetext>Actually, most likely the keys stored inside the chip's non-volatile memory are probably encrypted, just to prevent that sort of attack. I worked with similar technology in a previous job.
When Tarnovsky said "This chip is mean, man - it's like a ticking time bomb if you don't do something right," My guess is he wasn’t kidding.
These sorts of chips have all sorts of counter measures to make this sort of attack difficult.
The algorithms built into the circuits on the chip are designed to make eavesdropping hard.
You can send different commands to the chip, and ask it to decode different amounts of data, but it will intentionally insert randomness into the time and number of operations to do the work to prevent you from gleaning information about what is going on inside the chip.
I’m sure there are circuits that do nothing other than generate spurious electrical impulses so that trying to sense what the chip is doing remotely won’t work.
The only way to even attempt an attack like this is to do what Tarnovsky did, and strip off the packaging.
Assuming you didn’t just destroy it, even then you aren’t home free.
I’m sure there are other safe guards built into the chips.
Oh, did the voltage drop just now across that one circuit?
That’s probably an attack – the chip just deleted the keys you were trying to recover and is now useless.
Did that operation take too long because someone hooked up their own custom circuit in an attempt to decode what was going on?
Yeah, that’s out too; bye bye secret keys. Interrupt the power to the key storage area for a nanosecond while you try to connect your probe?
I’m sorry, you’re done.
Did you just read out the data out of the protected storage out of sequence?
Well, not only is that data encrypted (and therefore useless), the chip detected it, and intentionally burned out a small inaccessible fuse buried inside the chip and bricked itself.
You’re done.
Did you just inject an internal command with your probe that wasn't expected?
Yep, you just blew another fuse.
Go home. You have to connect your probes in exactly the right place, in exactly the right way, and not disturb the electrical properties of the circuit you tapped into to prevent the chip from knowing that you are there and triggering a counter-measure. I don’t know which counter measures the TPM modules from Infineon implement, but if they are current with the sort of technology out there, this hack was really really super damn hard. Sure, with enough time, money, skill, patience, and physical access to the machine, anything can eventually be broken.
The idea of the TPM was to make it expensive enough to hack that the average thief won’t bother.
If you are relying on a TPM only to protect secrets on a mobile device (which can be stolen and then hacked by a well funded company or government) you either deserve what you got, or you’ve made way too many well funded and motivated enemies.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073942</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31075682</id>
	<title>Re:tpm?</title>
	<author>mcgrew</author>
	<datestamp>1265744760000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><i>And they're still better than telling your users to memorize 20 char passwords (which they would just write down).<br></i><br>This is one of those "don'ts" I just don't get. I keep passwords written down, and in my wallet with my money and other things that are as important or moreso than passwords. Plus I disguise them as other things, like phone numbers.</p><p>A post-it note on the monitor I agree is stupid, but in my wallet?</p></htmltext>
<tokenext>And they 're still better than telling your users to memorize 20 char passwords ( which they would just write down ) . This is one of those " don'ts " I just do n't get .
I keep passwords written down , and in my wallet with my money and other things that are as important or moreso than passwords .
Plus I disguise them as other things , like phone numbers . A post-it note on the monitor I agree is stupid , but in my wallet ?</tokentext>
<sentencetext>And they're still better than telling your users to memorize 20 char passwords (which they would just write down). This is one of those "don'ts" I just don't get.
I keep passwords written down, and in my wallet with my money and other things that are as important or moreso than passwords.
Plus I disguise them as other things, like phone numbers. A post-it note on the monitor I agree is stupid, but in my wallet?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073828</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074588</id>
	<title>Re:surprise surprise</title>
	<author>Opportunist</author>
	<datestamp>1265740980000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>1</modscore>
	<htmltext><p>What part of it can be automatized? As soon as that is a possibility, it becomes trivial to execute for anyone.</p><p>Cracking computer games with "professional" copy protection requires specialized knowledge as well, as well as a few key tools and the knowledge how to operate them. Yet it can be fully automatized once it has been done once and thus anyone can apply a crack. Cracking the protection of consoles requires a lot of knowledge and information, yet applying it requires a soldering iron and a chip (either bought or selfmade). How much of that TPM hack can be streamlined and dumbed down until all the potential attacker needs is a list of hardware to buy and some programs to run?</p><p>And suddenly those 1000 multiply.</p></htmltext>
<tokenext>What part of it can be automatized ?
As soon as that is a possibility , it becomes trivial to execute for anyone . Cracking computer games with " professional " copy protection requires specialized knowledge as well , as well as a few key tools and the knowledge how to operate them .
Yet it can be fully automatized once it has been done once and thus anyone can apply a crack .
Cracking the protection of consoles requires a lot of knowledge and information , yet applying it requires a soldering iron and a chip ( either bought or selfmade ) .
How much of that TPM hack can be streamlined and dumbed down until all the potential attacker needs is a list of hardware to buy and some programs to run ? And suddenly those 1000 multiply .</tokentext>
<sentencetext>What part of it can be automatized?
As soon as that is a possibility, it becomes trivial to execute for anyone. Cracking computer games with "professional" copy protection requires specialized knowledge as well, as well as a few key tools and the knowledge how to operate them.
Yet it can be fully automatized once it has been done once and thus anyone can apply a crack.
Cracking the protection of consoles requires a lot of knowledge and information, yet applying it requires a soldering iron and a chip (either bought or selfmade).
How much of that TPM hack can be streamlined and dumbed down until all the potential attacker needs is a list of hardware to buy and some programs to run? And suddenly those 1000 multiply.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073678</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074176</id>
	<title>Re:When will they learn</title>
	<author>Anonymous</author>
	<datestamp>1265739300000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>No security is 100%. Anything that you come up with to secure your computer can be cracked, and they know that, they even say it if you read the article and press releases by the company. This issue here is that Christopher Tarnovsky is one of the top hardware guys in the business, and it took him 6 months to figure the damn thing out. Even with all his notes, a map, and a compass most human beings would not be able to pull this hack off. The security offered by these chips is still pretty damn good.</p></htmltext>
<tokenext>No security is 100 % .
Anything that you come up with to secure your computer can be cracked , and they know that , they even say it if you read the article and press releases by the company .
This issue here is that Christopher Tarnovsky is one of the top hardware guys in the business , and it took him 6 months to figure the damn thing out .
Even with all his notes , a map , and a compass most human beings would not be able to pull this hack off .
The security offered by these chips is still pretty damn good .</tokentext>
<sentencetext>No security is 100%.
Anything that you come up with to secure your computer can be cracked, and they know that, they even say it if you read the article and press releases by the company.
This issue here is that Christopher Tarnovsky is one of the top hardware guys in the business, and it took him 6 months to figure the damn thing out.
Even with all his notes, a map, and a compass most human beings would not be able to pull this hack off.
The security offered by these chips is still pretty damn good.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073802</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31076408</id>
	<title>Xbox jailbreak?</title>
	<author>tomtomtom</author>
	<datestamp>1265747280000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>The article (briefly) mentions that the Xbox uses the vulnerable Infineon TPMs. I wonder if this hack will make it any easier to find the Xbox 360's CPU key and thus make it easier to jailbreak a fully patched console?</htmltext>
<tokenext>The article ( briefly ) mentions that the Xbox uses the vulnerable Infineon TPMs .
I wonder if this hack will make it any easier to find the Xbox 360 's CPU key and thus make it easier to jailbreak a fully patched console ?</tokentext>
<sentencetext>The article (briefly) mentions that the Xbox uses the vulnerable Infineon TPMs.
I wonder if this hack will make it any easier to find the Xbox 360's CPU key and thus make it easier to jailbreak a fully patched console?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31079674</id>
	<title>Re:Attack is Out of Scope</title>
	<author>Anonymous</author>
	<datestamp>1265717400000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>A TPM is good at providing transparent protection so if a laptop is stolen, the fence who received the laptop from the street crackhead would format it.  The data won't be retrievable.  If someone is going to spend the money to decap a chip, they will have the resources to attach an IEEE1394 card or some other item that can read from a bus and pull the decryption key for the system volume from RAM when the machine is on.</p><p>What I do on a laptop is use a TPM chip + BitLocker in combination with TrueCrypt and a smart card (Aladdin eToken).  I store client projects in individual TC containers, and unmount them when not needed.  This way, should an attacker manage to get past the volume encryption, they still won't be able to get access to the TC volumes, especially if I still have the smart card in my possession.</p></htmltext>
<tokenext>A TPM is good at providing transparent protection so if a laptop is stolen , the fence who received the laptop from the street crackhead would format it .
The data wo n't be retrievable .
If someone is going to spend the money to decap a chip , they will have the resources to attach an IEEE1394 card or some other item that can read from a bus and pull the decryption key for the system volume from RAM when the machine is on . What I do on a laptop is use a TPM chip + BitLocker in combination with TrueCrypt and a smart card ( Aladdin eToken ) .
I store client projects in individual TC containers , and unmount them when not needed .
This way , should an attacker manage to get past the volume encryption , they still wo n't be able to get access to the TC volumes , especially if I still have the smart card in my possession .</tokentext>
<sentencetext>A TPM is good at providing transparent protection so if a laptop is stolen, the fence who received the laptop from the street crackhead would format it.
The data won't be retrievable.
If someone is going to spend the money to decap a chip, they will have the resources to attach an IEEE1394 card or some other item that can read from a bus and pull the decryption key for the system volume from RAM when the machine is on. What I do on a laptop is use a TPM chip + BitLocker in combination with TrueCrypt and a smart card (Aladdin eToken).
I store client projects in individual TC containers, and unmount them when not needed.
This way, should an attacker manage to get past the volume encryption, they still won't be able to get access to the TC volumes, especially if I still have the smart card in my possession.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31075840</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31076058</id>
	<title>Re:tpm?</title>
	<author>ArcCoyote</author>
	<datestamp>1265745900000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Let me fix that for you: You meant it has never been PUBLICLY RELEASED before.</p><p>If one guy working alone can manage to do it, the intelligence agencies of several nations did it a long time ago. And don't kid yourself, a TPM chip is nothing compared to the kind of hardened devices said agencies trust with their data.</p><p>At the physical level, data has to be in the clear somewhere. If you have the tools and the skill, an intrusive hardware attack against a single device is much less complicated than, say, cracking good crypto or finding a vulnerability that works on every device of that type.</p></htmltext>
<tokenext>Let me fix that for you : You meant it has never been PUBLICLY RELEASED before . If one guy working alone can manage to do it , the intelligence agencies of several nations did it a long time ago .
And do n't kid yourself , a TPM chip is nothing compared to the kind of hardened devices said agencies trust with their data . At the physical level , data has to be in the clear somewhere .
If you have the tools and the skill , an intrusive hardware attack against a single device is much less complicated than , say , cracking good crypto or finding a vulnerability that works on every device of that type .</tokentext>
<sentencetext>Let me fix that for you: You meant it has never been PUBLICLY RELEASED before. If one guy working alone can manage to do it, the intelligence agencies of several nations did it a long time ago.
And don't kid yourself, a TPM chip is nothing compared to the kind of hardened devices said agencies trust with their data. At the physical level, data has to be in the clear somewhere.
If you have the tools and the skill, an intrusive hardware attack against a single device is much less complicated than, say, cracking good crypto or finding a vulnerability that works on every device of that type.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073828</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074108</id>
	<title>Maybe it's time to rethink "digital everything"...</title>
	<author>logicassasin</author>
	<datestamp>1265739000000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Seriously... We're reading about how Chinese baddies are doing this and that to gain access to secrets and whatnot and it seems like every few weeks some previously unbreakable form of encryption has been compromised. Maybe it's time to greatly reduce our dependency on the digital world to secure trade and state secrets. I mean... Laptops and phones are lost/stolen all the time, why would anyone in their right mind trust transporting state secrets on a flippin' laptop??? We all know it happens and we all know it's just a matter of time before something horrible happens because some high ranking official has his laptop stolen while playing "toe tap" in the bathroom stalls of some random airport.</p></htmltext>
<tokenext>Seriously... We 're reading about how Chinese baddies are doing this and that to gain access to secrets and whatnot and it seems like every few weeks some previously unbreakable form of encryption has been compromised .
Maybe it 's time to greatly reduce our dependency on the digital world to secure trade and state secrets .
I mean... Laptops and phones are lost/stolen all the time , why would anyone in their right mind trust transporting state secrets on a flippin ' laptop ? ? ?
We all know it happens and we all know it 's just a matter of time before something horrible happens because some high ranking official has his laptop stolen while playing " toe tap " in the bathroom stalls of some random airport .</tokentext>
<sentencetext>Seriously... We're reading about how Chinese baddies are doing this and that to gain access to secrets and whatnot and it seems like every few weeks some previously unbreakable form of encryption has been compromised.
Maybe it's time to greatly reduce our dependency on the digital world to secure trade and state secrets.
I mean... Laptops and phones are lost/stolen all the time, why would anyone in their right mind trust transporting state secrets on a flippin' laptop???
We all know it happens and we all know it's just a matter of time before something horrible happens because some high ranking official has his laptop stolen while playing "toe tap" in the bathroom stalls of some random airport.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074408</id>
	<title>This is good news</title>
	<author>Anonymous</author>
	<datestamp>1265740200000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>When the computer is trying to protect its owner's secrets, the key should be in the owner's head, not stored in a chip.</p><p>If the owner of the device knows the keys that will decrypt their data, then having physical access <em>should</em> get them everything they want.  Defeating TPM shouldn't be a problem, because TPM shouldn't be relied on in the first place. If you're using TPM in this situation, then your system is mis-designed and you needed to fix that even before TPM was defeated.</p><p>That type of scenario aside, the most common use for TPM that people talk about, is where the owner knows what they're supposed to know, but the chip is supposed to still treat them as hostile and not let them access whatever they want.  We're talking about DRM.  That is not a legitimate case and The World Won't Miss You.</p></htmltext>
<tokenext>When the computer is trying to protect its owner 's secrets , the key should be in the owner 's head , not stored in a chip . If the owner of the device knows the keys that will decrypt their data , then having physical access should get them everything they want .
Defeating TPM should n't be a problem , because TPM should n't be relied on in the first place .
If you 're using TPM in this situation , then your system is mis-designed and you needed to fix that even before TPM was defeated . That type of scenario aside , the most common use for TPM that people talk about , is where the owner knows what they 're supposed to know , but the chip is supposed to still treat them as hostile and not let them access whatever they want .
We 're talking about DRM .
That is not a legitimate case and The World Wo n't Miss You .</tokentext>
<sentencetext>When the computer is trying to protect its owner's secrets, the key should be in the owner's head, not stored in a chip. If the owner of the device knows the keys that will decrypt their data, then having physical access should get them everything they want.
Defeating TPM shouldn't be a problem, because TPM shouldn't be relied on in the first place.
If you're using TPM in this situation, then your system is mis-designed and you needed to fix that even before TPM was defeated. That type of scenario aside, the most common use for TPM that people talk about, is where the owner knows what they're supposed to know, but the chip is supposed to still treat them as hostile and not let them access whatever they want.
We're talking about DRM.
That is not a legitimate case and The World Won't Miss You.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074352</id>
	<title>CHALLENGE TO TARNOVSKY</title>
	<author>Anonymous</author>
	<datestamp>1265739960000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><p>I've been reading about this hack for days, but something seems fishy. Some of the <a href="http://www.computerworld.com/s/article/9151158/Black_Hat_Researcher_claims_hack_of_chip_used_to_secure_computers_smartcards" title="computerworld.com" rel="nofollow">earlier reports</a> [computerworld.com] had him hacking the SLE 66 CL processor chip which is embedded in the TPM, not the TPM itself. This article also describes him as having to work with many copies of the chip to discover its secrets, but it has the chips being inexpensive ones from China. Problem is that Infineon is a German company and I don't think you can get Infineon TPMs cheaply from China. Putting this together, it's not clear to me that he has truly hacked an Infineon TPM. He may have hacked a similar chip and he assumes that the same attack would work on TPM.</p><p>However, there is a way for him to easily prove that he has done what he said. Every Infineon TPM comes with an RSA secret key embedded in it, called the Endorsement Key or EK. This key is designed to be kept secret and never revealed off-chip, not to the computer owner or anyone. And Infineon TPMs also come with an X.509 certificate on the public part of the EK (PUBEK), issued by Infineon. If Tarnovsky has really hacked an Infineon TPM and is able to extract keys, he should be able to extract and publish the private part of the EK (PRIVEK), along with the certificate by Infineon on that key. The mere publication of these two pieces of data (PRIVEK and Infineon-signed X.509 cert on PUBEK) will prove that his claim is true.</p></htmltext>
<tokenext>I 've been reading about this hack for days , but something seems fishy .
Some of the earlier reports [ computerworld.com ] had him hacking the SLE 66 CL processor chip which is embedded in the TPM , not the TPM itself .
This article also describes him as having to work with many copies of the chip to discover its secrets , but it has the chips being inexpensive ones from China .
Problem is that Infineon is a German company and I do n't think you can get Infineon TPMs cheaply from China .
Putting this together , it 's not clear to me that he has truly hacked an Infineon TPM .
He may have hacked a similar chip and he assumes that the same attack would work on TPM .
However , there is a way for him to easily prove that he has done what he said .
Every Infineon TPM comes with an RSA secret key embedded in it , called the Endorsement Key or EK .
This key is designed to be kept secret and never revealed off-chip , not to the computer owner or anyone .
And Infineon TPMs also come with an X.509 certificate on the public part of the EK ( PUBEK ) , issued by Infineon .
If Tarnovsky has really hacked an Infineon TPM and is able to extract keys , he should be able to extract and publish the private part of the EK ( PRIVEK ) , along with the certificate by Infineon on that key .
The mere publication of these two pieces of data ( PRIVEK and Infineon-signed X.509 cert on PUBEK ) will prove that his claim is true .</tokentext>
<sentencetext>I've been reading about this hack for days, but something seems fishy.
Some of the earlier reports [computerworld.com] had him hacking the SLE 66 CL processor chip which is embedded in the TPM, not the TPM itself.
This article also describes him as having to work with many copies of the chip to discover its secrets, but it has the chips being inexpensive ones from China.
Problem is that Infineon is a German company and I don't think you can get Infineon TPMs cheaply from China.
Putting this together, it's not clear to me that he has truly hacked an Infineon TPM.
He may have hacked a similar chip and he assumes that the same attack would work on TPM.
However, there is a way for him to easily prove that he has done what he said.
Every Infineon TPM comes with an RSA secret key embedded in it, called the Endorsement Key or EK.
This key is designed to be kept secret and never revealed off-chip, not to the computer owner or anyone.
And Infineon TPMs also come with an X.509 certificate on the public part of the EK (PUBEK), issued by Infineon.
If Tarnovsky has really hacked an Infineon TPM and is able to extract keys, he should be able to extract and publish the private part of the EK (PRIVEK), along with the certificate by Infineon on that key.
The mere publication of these two pieces of data (PRIVEK and Infineon-signed X.509 cert on PUBEK) will prove that his claim is true.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31086198</id>
	<title>Re:Step 1 - decap the chip without killing it</title>
	<author>marcosdumay</author>
	<datestamp>1265042160000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>You probably won't feed it into an electron beam probe, since you want to read the contents of flash memory. You'll probably need some (very high impedance) contact probe.</htmltext>
<tokenext>You probably wo n't feed it into an electron beam probe , since you want to read the contents of flash memory .
You 'll probably need some ( very high impedance ) contact probe .</tokentext>
<sentencetext>You probably won't feed it into an electron beam probe, since you want to read the contents of flash memory.
You'll probably need some (very high impedance) contact probe.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074244</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31075290</id>
	<title>Re:tpm?</title>
	<author>JesseMcDonald</author>
	<datestamp>1265743440000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p>If you're going to use a passphrase then you'll need much more than 20 characters to get 128 bits of entropy:</p><p><div class="quote"><p>Considering that the entropy of written English is less than 1.1 bits per character, pass phrases can be relatively weak. NIST has estimated that the 23 character pass phrase "IamtheCapitanofthePina4" contains a 45 bit-strength.... Using this guideline, to achieve the 80 bit-strength recommended for high security (non-military) by NIST, a passphrase would need to be 58 characters long, assuming a composition that includes uppercase and alphanumeric. (<a href="http://en.wikipedia.org/w/index.php?title=Passphrase&amp;oldid=338059365" title="wikipedia.org">Wikipedia</a> [wikipedia.org])</p></div><p>To get 128 bits of entropy would require about 20 words. I don't know about you, but to me it seems that 20 non-obvious words would be about as hard to remember as 20 random characters, while being much less convenient to type.</p></div>
	</htmltext>
<tokenext>If you 're going to use a passphrase then you 'll need much more than 20 characters to get 128 bits of entropy : Considering that the entropy of written English is less than 1.1 bits per character , pass phrases can be relatively weak .
NIST has estimated that the 23 character pass phrase " IamtheCapitanofthePina4 " contains a 45 bit-strength.... Using this guideline , to achieve the 80 bit-strength recommended for high security ( non-military ) by NIST , a passphrase would need to be 58 characters long , assuming a composition that includes uppercase and alphanumeric .
( Wikipedia [ wikipedia.org ] ) To get 128 bits of entropy would require about 20 words .
I do n't know about you , but to me it seems that 20 non-obvious words would be about as hard to remember as 20 random characters , while being much less convenient to type .</tokentext>
<sentencetext>If you're going to use a passphrase then you'll need much more than 20 characters to get 128 bits of entropy: Considering that the entropy of written English is less than 1.1 bits per character, pass phrases can be relatively weak.
NIST has estimated that the 23 character pass phrase "IamtheCapitanofthePina4" contains a 45 bit-strength.... Using this guideline, to achieve the 80 bit-strength recommended for high security (non-military) by NIST, a passphrase would need to be 58 characters long, assuming a composition that includes uppercase and alphanumeric.
(Wikipedia [wikipedia.org]) To get 128 bits of entropy would require about 20 words.
I don't know about you, but to me it seems that 20 non-obvious words would be about as hard to remember as 20 random characters, while being much less convenient to type.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074590</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31075014</id>
	<title>reproducible</title>
	<author>warchildx</author>
	<datestamp>1265742600000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>After details of the initial hard hack are made public, a circuit can be built to connect a circuit directly to the chip without having to disassemble the chip itself again. (This was already done initially). Therefore, ***Buy/build this 10 minute circuit, clip pins 1 and 2 of transistor to chip pins x and z, and output to chip output pin y. Now you are always trusted (bypass this chip essentially).
<br> <br>
1) take Christopher's (from article) data about pinouts of chip, and design circuit to bypass.<br>
2) sell readykit or circuit plans on intertubes<br>
3) every script kiddy/foreign government/etc can simply pop the keyboard off a laptop, hook up the circuit, and start hacking away at whatever drive encryption is in use.<br>
4) Deja vu *example: Read contents of chip without removing from motherboard* - (http://www.llamma.com/xbox/Repairs/Reading_Xbox_Hdd_key.htm)<br>
5) Profit!</htmltext>
<tokenext>After details of the initial hard hack are made public , a circuit can be built to connect a circuit directly to the chip without having to disassemble the chip itself again .
( This was already done initially ) .
Therefore , * * * Buy/build this 10 minute circuit , clip pins 1 and 2 of transistor to chip pins x and z , and output to chip output pin y. Now you are always trusted ( bypass this chip essentially ) .
1 ) take Christopher 's ( from article ) data about pinouts of chip , and design circuit to bypass .
2 ) sell readykit or circuit plans on intertubes 3 ) every script kiddy/foreign government/etc can simply pop the keyboard off a laptop , hook up the circuit , and start hacking away at whatever drive encryption is in use .
4 ) Deja vu * example : Read contents of chip without removing from motherboard * - ( http : //www.llamma.com/xbox/Repairs/Reading_Xbox_Hdd_key.htm ) 5 ) Profit !</tokentext>
<sentencetext>After details of the initial hard hack are made public, a circuit can be built to connect a circuit directly to the chip without having to disassemble the chip itself again.
(This was already done initially).
Therefore, ***Buy/build this 10 minute circuit, clip pins 1 and 2 of transistor to chip pins x and z, and output to chip output pin y. Now you are always trusted (bypass this chip essentially).
1) take Christopher's (from article) data about pinouts of chip, and design circuit to bypass.
2) sell readykit or circuit plans on intertubes
3) every script kiddy/foreign government/etc can simply pop the keyboard off a laptop, hook up the circuit, and start hacking away at whatever drive encryption is in use.
4) Deja vu *example: Read contents of chip without removing from motherboard* - (http://www.llamma.com/xbox/Repairs/Reading_Xbox_Hdd_key.htm)
5) Profit!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31076474</id>
	<title>Re:Difficult?</title>
	<author>Anonymous</author>
	<datestamp>1265747520000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>To be fair, this kind of attack usually results in the discovery of other avenues of attack (logical implementation flaws, side band leaks, ...), so this open heart operation of this particular TPM might foreshadow the availability of a less involved hack. This is how Mifare and other smart cards fell.</p></htmltext>
<tokenext>To be fair , this kind of attack usually results in the discovery of other avenues of attack ( logical implementation flaws , side band leaks , ... ) , so this open heart operation of this particular TPM might foreshadow the availability of a less involved hack .
This is how Mifare and other smart cards fell .</tokentext>
<sentencetext>To be fair, this kind of attack usually results in the discovery of other avenues of attack (logical implementation flaws, side band leaks, ...), so this open heart operation of this particular TPM might foreshadow the availability of a less involved hack.
This is how Mifare and other smart cards fell.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074296</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31078774</id>
	<title>Physical Access?</title>
	<author>CherniyVolk</author>
	<datestamp>1265713380000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Even in my earliest days, physical access to a box meant, my box.  So to speak.</p><p>I'm not surprised that this system has been cracked.  With sufficient knowledge of a system, with reasonable tools and physical access to a system, that system is likely to be compromised, plain and simple.  This is a hardware hack, and I'm always fascinated with hardware hacks, bare metal hacks seem really cool; but I don't think they are "near impossible".</p><p>I applaud his hardware hack, but in light of the expectation of "near impossible", I'll be moving on to the next article.</p></htmltext>
<tokenext>Even in my earliest days , physical access to a box meant , my box .
So to speak .
I 'm not surprised that this system has been cracked .
With sufficient knowledge of a system , with reasonable tools and physical access to a system , that system is likely to be compromised , plain and simple .
This is a hardware hack , and I 'm always fascinated with hardware hacks , bare metal hacks seem really cool ; but I do n't think they are " near impossible " .
I applaud his hardware hack , but in light of the expectation of " near impossible " , I 'll be moving on to the next article .</tokentext>
<sentencetext>Even in my earliest days, physical access to a box meant, my box.
So to speak.
I'm not surprised that this system has been cracked.
With sufficient knowledge of a system, with reasonable tools and physical access to a system, that system is likely to be compromised, plain and simple.
This is a hardware hack, and I'm always fascinated with hardware hacks, bare metal hacks seem really cool; but I don't think they are "near impossible".
I applaud his hardware hack, but in light of the expectation of "near impossible", I'll be moving on to the next article.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31076604</id>
	<title>Meh</title>
	<author>Anonymous</author>
	<datestamp>1265748000000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>1</modscore>
	<htmltext><p>I used to go by the name BoyHowdy when I was hacking DTV, I made a small circuit that used 3 hcttl chips to glitch the H cards that were killed on Black Sunday. I can say that this guy is for real, arrogant or not.</p></htmltext>
<tokenext>I used to go by the name BoyHowdy when I was hacking DTV , I made a small circuit that used 3 hcttl chips to glitch the H cards that were killed on Black Sunday .
I can say that this guy is for real , arrogant or not .</tokentext>
<sentencetext>I used to go by the name BoyHowdy when I was hacking DTV, I made a small circuit that used 3 hcttl chips to glitch the H cards that were killed on Black Sunday.
I can say that this guy is for real, arrogant or not.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074122</id>
	<title>Re:Difficult?</title>
	<author>Anonymous</author>
	<datestamp>1265739060000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Read the goddamn article. "Using off-the-shelf chemicals, Tarnovsky soaked chips in acid to dissolve their hard outer shells. Then he applied rust remover to help take off layers of mesh wiring, to expose the chips' cores. From there, he had to find the right communication channels to tap into using a very small needle."<br>Good luck writing software that does this automatically.</p></htmltext>
<tokenext>Read the goddamn article .
" Using off-the-shelf chemicals , Tarnovsky soaked chips in acid to dissolve their hard outer shells .
Then he applied rust remover to help take off layers of mesh wiring , to expose the chips ' cores .
From there , he had to find the right communication channels to tap into using a very small needle . "
Good luck writing software that does this automatically .</tokentext>
<sentencetext>Read the goddamn article.
"Using off-the-shelf chemicals, Tarnovsky soaked chips in acid to dissolve their hard outer shells.
Then he applied rust remover to help take off layers of mesh wiring, to expose the chips' cores.
From there, he had to find the right communication channels to tap into using a very small needle."
Good luck writing software that does this automatically.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073938</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31077980</id>
	<title>what the hell?</title>
	<author>Anonymous</author>
	<datestamp>1265710380000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext>This looks like TriSexualPuppy and SiliconEntity enjoying a game of MadLibs...
<br> <br>
<a href="http://hardware.slashdot.org/comments.pl?sid=1543104&amp;cid=31076056" title="slashdot.org" rel="nofollow">http://hardware.slashdot.org/comments.pl?sid=1543104&amp;cid=31076056</a> [slashdot.org]<p><div class="quote"><p>I have been researching on this hack for hours upon hours, and something just doesn't add up. Earlier reports were of him cracking the SLE 66 CL which is embedded in the TPM but is NOT the TPM itself. The chips he has been using are cheap ones from China. The issue at hand is that Infineon is a German company, just a little different from your run-of-the-mill Chinese company. When you sum these things up, you can't really surmise that he has in fact cracked the Infineon TPM. So what if he has hacked a similar chip? You can't just go around saying that you have cracked a top-of-the-line Infineon. Every chip is NOT created equally.

On the flip side, there is an easy way for him to prove me wrong. Every Infineon TPM comes with an Endorsement Key, basically an RSA secret key. The purpose of this key is that it should be kept secret and never realized off the chip, not to software, not to any other board component. Infineon TPMs come with X.509 certificates issued by Infineon. If Tarnovsky has truly hacked this one out, he should be able to extract and publish the private part of the Endorsement Key along with Infineon's certificate on that key. All that he has to do is show that he has these TWO pieces of data.

But is he up for it?</p></div><p>
VS<br> <br>
<a href="http://hardware.slashdot.org/comments.pl?sid=1543104&amp;cid=31077696" title="slashdot.org" rel="nofollow">http://hardware.slashdot.org/comments.pl?sid=1543104&amp;cid=31077696</a> [slashdot.org]</p><p><div class="quote"><p>I've been reading about this hack for days, but something seems fishy. Some of the earlier reports [computerworld.com] had him hacking the SLE 66 CL processor chip which is embedded in the TPM, not the TPM itself. This article also describes him as having to work with many copies of the chip to discover its secrets, but it has the chips being inexpensive ones from China. Problem is that Infineon is a German company and I don't think you can get Infineon TPMs cheaply from China. Putting this together, it's not clear to me that he has truly hacked an Infineon TPM. He may have hacked a similar chip and he assumes that the same attack would work on TPM.

However, there is a way for him to easily prove that he has done what he said. Every Infineon TPM comes with an RSA secret key embedded in it, called the Endorsement Key or EK. This key is designed to be kept secret and never revealed off-chip, not to the computer owner or anyone. And Infineon TPMs also come with an X.509 certificate on the public part of the EK (PUBEK), issued by Infineon. If Tarnovsky has really hacked an Infineon TPM and is able to extract keys, he should be able to extract and publish the private part of the EK (PRIVEK), along with the certificate by Infineon on that key. The mere publication of these two pieces of data (PRIVEK and Infineon-signed X.509 cert on PUBEK) will prove that his claim is true.</p></div><p>$100 says that this is damage control from Infineon by challenging Tarnovsky to something that they know, for whatever reason, he is unable to accomplish?</p></div>
	</htmltext>
<tokenext>This looks like TriSexualPuppy and SiliconEntity enjoying a game of MadLibs.. . http : //hardware.slashdot.org/comments.pl ? sid = 1543104&amp;cid = 31076056 [ slashdot.org ] I have been researching on this hack for hours upon hours , and something just does n't add up .
Earlier reports were of him cracking the SLE 66 CL which is embedded in the TPM but is NOT the TPM itself .
The chips he has been using are cheap ones from China .
The issue at hand is that Infineon is a German company , just a little different from your run-of-the-mill Chinese company .
When you sum these things up , you ca n't really surmise that he has in fact cracked the Infineon TPM .
So what if he has hacked a similar chip ?
You ca n't just go around saying that you have cracked a top-of-the-line Infineon .
Every chip is NOT created equally .
On the flip side , there is an easy way for him to prove me wrong .
Every Infineon TPM comes with an Endorsement Key , basically an RSA secret key .
The purpose of this key is that it should be kept secret and never realized off the chip , not to software , not to any other board component .
Infineon TPMs come with X.509 certificates issued by Infineon .
If Tarnovsky has truly hacked this one out , he should be able to extract and publish the private part of the Endorsement Key along with Infineon 's certificate on that key .
All that he has to do is show that he has these TWO pieces of data .
But is he up for it ?
VS http : //hardware.slashdot.org/comments.pl ? sid = 1543104&amp;cid = 31077696 [ slashdot.org ] I 've been reading about this hack for days , but something seems fishy .
Some of the earlier reports [ computerworld.com ] had him hacking the SLE 66 CL processor chip which is embedded in the TPM , not the TPM itself .
This article also describes him as having to work with many copies of the chip to discover its secrets , but it has the chips being inexpensive ones from China .
Problem is that Infineon is a German company and I do n't think you can get Infineon TPMs cheaply from China .
Putting this together , it 's not clear to me that he has truly hacked an Infineon TPM .
He may have hacked a similar chip and he assumes that the same attack would work on TPM .
However , there is a way for him to easily prove that he has done what he said .
Every Infineon TPM comes with an RSA secret key embedded in it , called the Endorsement Key or EK .
This key is designed to be kept secret and never revealed off-chip , not to the computer owner or anyone .
And Infineon TPMs also come with an X.509 certificate on the public part of the EK ( PUBEK ) , issued by Infineon .
If Tarnovsky has really hacked an Infineon TPM and is able to extract keys , he should be able to extract and publish the private part of the EK ( PRIVEK ) , along with the certificate by Infineon on that key .
The mere publication of these two pieces of data ( PRIVEK and Infineon-signed X.509 cert on PUBEK ) will prove that his claim is true .
$ 100 says that this is damage control from Infineon by challenging Tarnovsky to something that they know , for whatever reason , he is unable to accomplish ?</tokentext>
<sentencetext>This looks like TriSexualPuppy and SiliconEntity enjoying a game of MadLibs...
 
http://hardware.slashdot.org/comments.pl?sid=1543104&amp;cid=31076056 [slashdot.org]
I have been researching on this hack for hours upon hours, and something just doesn't add up.
Earlier reports were of him cracking the SLE 66 CL which is embedded in the TPM but is NOT the TPM itself.
The chips he has been using are cheap ones from China.
The issue at hand is that Infineon is a German company, just a little different from your run-of-the-mill Chinese company.
When you sum these things up, you can't really surmise that he has in fact cracked the Infineon TPM.
So what if he has hacked a similar chip?
You can't just go around saying that you have cracked a top-of-the-line Infineon.
Every chip is NOT created equally.
On the flip side, there is an easy way for him to prove me wrong.
Every Infineon TPM comes with an Endorsement Key, basically an RSA secret key.
The purpose of this key is that it should be kept secret and never realized off the chip, not to software, not to any other board component.
Infineon TPMs come with X.509 certificates issued by Infineon.
If Tarnovsky has truly hacked this one out, he should be able to extract and publish the private part of the Endorsement Key along with Infineon's certificate on that key.
All that he has to do is show that he has these TWO pieces of data.
But is he up for it?
VS 
http://hardware.slashdot.org/comments.pl?sid=1543104&amp;cid=31077696 [slashdot.org]
I've been reading about this hack for days, but something seems fishy.
Some of the earlier reports [computerworld.com] had him hacking the SLE 66 CL processor chip which is embedded in the TPM, not the TPM itself.
This article also describes him as having to work with many copies of the chip to discover its secrets, but it has the chips being inexpensive ones from China.
Problem is that Infineon is a German company and I don't think you can get Infineon TPMs cheaply from China.
Putting this together, it's not clear to me that he has truly hacked an Infineon TPM.
He may have hacked a similar chip and he assumes that the same attack would work on TPM.
However, there is a way for him to easily prove that he has done what he said.
Every Infineon TPM comes with an RSA secret key embedded in it, called the Endorsement Key or EK.
This key is designed to be kept secret and never revealed off-chip, not to the computer owner or anyone.
And Infineon TPMs also come with an X.509 certificate on the public part of the EK (PUBEK), issued by Infineon.
If Tarnovsky has really hacked an Infineon TPM and is able to extract keys, he should be able to extract and publish the private part of the EK (PRIVEK), along with the certificate by Infineon on that key.
The mere publication of these two pieces of data (PRIVEK and Infineon-signed X.509 cert on PUBEK) will prove that his claim is true.
$100 says that this is damage control from Infineon by challenging Tarnovsky to something that they know, for whatever reason, he is unable to accomplish?
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074632</id>
	<title>Once you have physical access to the machine...</title>
	<author>ub3r n3u7r4l1st</author>
	<datestamp>1265741160000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>ANY type of security will become crackable.</p></htmltext>
<tokenext>ANY type of security will become crackable .</tokentext>
<sentencetext>ANY type of security will become crackable.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31075840</id>
	<title>Attack is Out of Scope</title>
	<author>rochberg</author>
	<datestamp>1265745240000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>The attack is interesting, but it's actually beyond the scope of what the TPM was designed to do.  The TPM is primarily intended to provide three services:  1) hardware root of trust at boot, 2) fast and secure cryptographic operations (including key storage), and 3) remote attestation.  This attack focuses on the second service, as it is designed to extract the cryptographic keys that are supposed to be stored securely.  Yes, the attack succeeds and it's interesting, but a lot of people are missing the big picture.</p><p>TPMs were never designed to withstand this type of attack.  With regard to "secure storage," the goal was to do something better than just storing your keys on an insecure device like a HD.  The reason that this notion of security is good enough is that the TPM was also designed to be <i>inexpensive</i>.  Would anyone buy a new desktop if the price suddenly jumped up to $10,000 for a Pentium?  So the hardware protection is just supposed to provide a reasonable amount of assurance for the average user.  If you're looking at highly sensitive environments (e.g., military), you shouldn't be using a TPM.  There are cryptographic co-processors out there that have more robust protections against these types of attacks, but they cost a lot more.</p></htmltext>
<tokenext>The attack is interesting , but it 's actually beyond the scope of what the TPM was designed to do .
The TPM is primarily intended to provide three services : 1 ) hardware root of trust at boot , 2 ) fast and secure cryptographic operations ( including key storage ) , and 3 ) remote attestation .
This attack focuses on the second service , as it is designed to extract the cryptographic keys that are supposed to be stored securely .
Yes , the attack succeeds and it 's interesting , but a lot of people are missing the big picture .
TPMs were never designed to withstand this type of attack .
With regard to " secure storage , " the goal was to do something better than just storing your keys on an insecure device like a HD .
The reason that this notion of security is good enough is that the TPM was also designed to be inexpensive .
Would anyone buy a new desktop if the price suddenly jumped up to $ 10,000 for a Pentium ?
So the hardware protection is just supposed to provide a reasonable amount of assurance for the average user .
If you 're looking at highly sensitive environments ( e.g. , military ) , you should n't be using a TPM .
There are cryptographic co-processors out there that have more robust protections against these types of attacks , but they cost a lot more .</tokentext>
<sentencetext>The attack is interesting, but it's actually beyond the scope of what the TPM was designed to do.
The TPM is primarily intended to provide three services:  1) hardware root of trust at boot, 2) fast and secure cryptographic operations (including key storage), and 3) remote attestation.
This attack focuses on the second service, as it is designed to extract the cryptographic keys that are supposed to be stored securely.
Yes, the attack succeeds and it's interesting, but a lot of people are missing the big picture.
TPMs were never designed to withstand this type of attack.
With regard to "secure storage," the goal was to do something better than just storing your keys on an insecure device like a HD.
The reason that this notion of security is good enough is that the TPM was also designed to be inexpensive.
Would anyone buy a new desktop if the price suddenly jumped up to $10,000 for a Pentium?
So the hardware protection is just supposed to provide a reasonable amount of assurance for the average user.
If you're looking at highly sensitive environments (e.g., military), you shouldn't be using a TPM.
There are cryptographic co-processors out there that have more robust protections against these types of attacks, but they cost a lot more.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31075270</id>
	<title>Welcome to the Internet</title>
	<author>TyIzaeL</author>
	<datestamp>1265743320000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>It really only needs to be replicated once, doesn't it?</htmltext>
<tokenext>It really only needs to be replicated once , does n't it ?</tokentext>
<sentencetext>It really only needs to be replicated once, doesn't it?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31081546</id>
	<title>Re:Does anyone know if this leads to a soft-hack</title>
	<author>Anonymous</author>
	<datestamp>1265730480000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><blockquote><div><p> Interrupt the power to the key storage area for a nanosecond while you try to connect your probe? I'm sorry, you're done</p></div>
</blockquote><p>Things like this are just going to end up causing expensive warranty claims that hardware manufacturers are not willing to accept.</p></div>
	</htmltext>
<tokenext>Interrupt the power to the key storage area for a nanosecond while you try to connect your probe ?
I 'm sorry , you 're done Things like this are just going to end up causing expensive warranty claims that hardware manufacturers are not willing to accept .</tokentext>
<sentencetext> Interrupt the power to the key storage area for a nanosecond while you try to connect your probe?
I'm sorry, you're done
Things like this are just going to end up causing expensive warranty claims that hardware manufacturers are not willing to accept.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074800</parent>
</comment>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_45</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31079162
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074244
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_28</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31076290
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074282
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073678
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074098
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073802
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_19</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074920
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074462
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073802
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_22</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31076424
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074282
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073678
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31080298
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073828
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073708
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31076116
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074008
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073802
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31075190
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074282
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073678
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31075290
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074590
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073828
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073708
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_46</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074116
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073828
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073708
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_43</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31075894
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074282
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073678
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074122
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073938
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_20</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074492
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073974
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073802
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074614
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073802
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_34</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073812
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073708
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31079674
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31075840
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31076614
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073828
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073708
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31078730
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074090
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_49</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31075452
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073938
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_40</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31086198
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074244
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_39</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31079526
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074186
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_33</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31078144
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31075682
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073828
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073708
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_29</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074712
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073974
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073802
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074012
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073802
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_32</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31075746
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074352
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074578
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073834
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_23</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31078564
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074014
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073842
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_47</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074960
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073802
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_24</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31076474
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074296
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073938
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_26</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31075716
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074128
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31076810
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074352
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_31</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31076898
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073802
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074148
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073974
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073802
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_21</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31077696
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074352
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_44</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074312
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074108
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_37</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074420
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073802
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31081546
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074800
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073942
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_41</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31082350
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074008
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073802
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_36</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074068
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073896
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31076794
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074266
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073938
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31077104
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073842
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_38</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074978
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074014
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073842
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074588
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073678
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_42</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31079594
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073828
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073708
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_35</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31101940
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074352
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_25</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31078842
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074178
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_27</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31080718
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073842
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074176
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073802
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_30</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31075512
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073828
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073708
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_09_1557204_48</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31076058
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073828
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073708
</commentlist>
</thread>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_09_1557204.11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074352
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31075746
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31101940
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31077696
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31076810
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_09_1557204.1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074244
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31086198
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31079162
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_09_1557204.18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31075010
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_09_1557204.16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074408
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_09_1557204.15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073938
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074122
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31075452
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074296
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31076474
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074266
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31076794
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_09_1557204.13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31075480
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_09_1557204.10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31075882
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_09_1557204.22</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074108
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074312
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_09_1557204.20</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074128
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31075716
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_09_1557204.6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073942
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074800
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31081546
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_09_1557204.23</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31076408
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_09_1557204.14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073896
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074068
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_09_1557204.21</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073834
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074578
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_09_1557204.12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31075840
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31079674
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_09_1557204.4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074090
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31078730
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_09_1557204.8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074324
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_09_1557204.26</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073872
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_09_1557204.2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31077980
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_09_1557204.24</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074178
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31078842
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_09_1557204.5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31075014
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_09_1557204.3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073842
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31080718
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31077104
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074014
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074978
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31078564
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_09_1557204.25</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073802
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074614
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074420
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074098
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073974
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074148
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074712
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074492
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074176
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31076898
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074012
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074462
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074920
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074960
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074008
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31082350
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31076116
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_09_1557204.9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074186
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31079526
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_09_1557204.19</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074362
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_09_1557204.7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073708
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073828
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31075512
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074116
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074590
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31075290
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31075682
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31078144
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31076614
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31079594
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31076058
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31080298
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073812
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_09_1557204.17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074632
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_09_1557204.0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31073678
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074588
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31074282
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31076424
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31075894
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31076290
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_09_1557204.31075190
</commentlist>
</conversation>
