[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

The Crypto Home Shopping Network



I noticed a little blurb on the Business Wireservices today
stating that a company named "Digital Delivery" has licensed
technology from RSADSI for a turnkey CD-ROM software catalog
called "CD Product Portfolio".

The product is supposed to permit a company's most valuable
software and intellectual property to be browsed, ordered,
unlocked, and installed from CD-ROM with "absolutely no worry
about hacking or unauthorized use."

The product is based on BSAFE and uses the RSA Public Key
Cryptosystem and the RC4 stream cipher.

Now the interesting part is that this product has been granted
commodity jurisdiction from the Department of Commerce and will
be be allowed to be EXPORTED outside the United States under
license, permitting foreign customers to create encrypted
software catalogs and make use of this distribution mechanism.

Through the magic of RSA encryption, a given program or image (!)
on the CD-ROM will only be released after the browser has
actually ordered and paid for the product.

Do you think this crypto is "strong"?  I am not familiar with
RC4, but it would seem unlikely that it is both hack-proof and
exportable at the same time.  Cost considerations probably
preclude encrypting CDs individually with different keys, so it
is difficult to see what prevents disk owners from communicating
keys to one another for the purpose of unlocking software.  This
idea of mass-produced CDs might nicely dovetail with DigiCash to
enable the complete electronic purchase of programs without the
necessity of having a high-bandwidth connection with the seller
to transfer the software to ones own machine.

Given the extensive "Threat of Crypto" propaganda we have been
hearing from government minions lately, it is very nice to see
the government pushing us towards a future where we may buy all
sorts of interesting things from foreign mass-produced encrypted
CD-ROMs with anonymous DigiCash, all in complete privacy.

Thank-YOU Big Brother. :)

-- 
     Mike Duvos         $    PGP 2.6 Public Key available     $
     [email protected]     $    via Finger.                      $