| Author |
Message |
|
|
Posted: Aug 13, 2009 - 07:42 PM |
|


Joined: Mar 27, 2002
Posts: 18749
Location: Lund, Sweden
|
|
|
Quote:
if the security folks at Atmel can't see this, then how on God's Green Earth could they be trusted to come up with a truly secure technology?
You know why, Joe. Because the people designing the chips are hopefully well trained and experienced chip designers, with deep knowledge about secure chip implementations, but the people designing the NDA scheme are the same (or similar) brain-deads that require the data sheets to have "copy protection". |
|
|
| |
|
|
|
|
|
Posted: Aug 13, 2009 - 09:21 PM |
|

Joined: Aug 12, 2009
Posts: 12
Location: Atmel Colorado Springs
|
|
| The LLA isn't an NDA. It's just recognition that the material is licensed with a pretty standard open-source license. We actually do look at people who request NDAs and a director has to sign the thing. |
|
|
| |
|
|
|
|
|
Posted: Aug 13, 2009 - 09:28 PM |
|

Joined: Nov 29, 2007
Posts: 3219
|
|
|
eustace wrote:
After all, if the true intentions are legit, why shy away from signing an NDA? It's not really obscurity if signing NDA grants access to all the info, is it?
I have signed a lot of NDAs and licenses when I was younger. Now, older and wiser I avoid them like the plague.
It's for two simple reasons.
1) I certainly can't remember all the details of the junk I have signed. I don't want to reread a bunch of NDAs and licenses every few months, to check if they have expired and to refresh my memory about what I am still not allowed to talk or write about. I don't want to have to run every word through a mental filter in my brain whenever I talk shop about an IC with people.
2) NDAs and licenses are written by lawyers, and it takes lawyers to understand all implications. Are you going to pay my lawyer to explain your stuff to me? You want to sell that stuff to me, why should I pay for the privilege to buy from you?
Sure, you can market your stuff in whatever way you like. Your Xmega and AVR colleagues don't talk to us, while you have chosen to annoy us with an NDA, license or whatever. Fine, these are Atmel's decisions.
But signing that stuff or agreeing to it is not a yardstick for measuring if my intentions are legit. In fact, I am appalled that you imply that people detesting that stuff have illegal intentions. |
|
|
| |
|
|
|
|
|
Posted: Aug 13, 2009 - 09:45 PM |
|

Joined: Nov 29, 2007
Posts: 3219
|
|
|
MaxMay wrote:
Our chips are based on NSA algorithms such as SHA-256 or AES. If you'd like to crack the algorithm, NSA will contribute to your retirement happily.
SHA-256 is standardized in FIPS-180. You can download that standard from NIST free of charge. And probably from hundreds of other US government servers.
http://csrc.nist.gov/publications/fips/ ... s180-2.pdf
AES is standardized in FIPS-197. Again, you can also download that standard from NIST, free of charge. In fact, AES was even designed in public, under the guidance of NIST in a kind of contest.
http://csrc.nist.gov/publications/fips/ ... ps-197.pdf
Come back with your NSA line once the NSA has raided NIST and shipped all of NIST to Guantanamo with a special retirement package. |
|
|
| |
|
|
|
|
|
Posted: Aug 13, 2009 - 11:42 PM |
|


Joined: Dec 11, 2007
Posts: 6980
Location: Cleveland, OH
|
|
Hi cgorog,
By the way, Congrats on the new chip line. I don't know how big this "niche" market is, but it must be sizable, or it would not have justified the time, effort, and resources to make it a reality.
If it strengthens Atmel's position in the world market that is a good thing.
I don't foresee having an immediate need for this new capability myself, but it is nice to know it exists, and if I need it, I will not (overly) mind signing an NDA / LLA. That is just part of the cost of doing business these days.
I think the NDA/LLA struck a nerve with several people, as noted above.
I think it also struck the nerve of several others, myself included, that numerous Freaks have suggested a sub-forum for the Xmega, for which this group sees a true need, and significant potential benefit, only to be shot down by those with the ability to make it happen. Then, out of the blue, a new sub-forum pops up, which is likely to represent a very small fraction of the topics and threads on the forum.
It would truly be nice if the powers that be would at least reconsider an XMega sub-forum, having now demonstrated the "ease" with which a new one can be created.
Thank you to the forum gurus, by the way, for fixing the avatar bug. It is a small thing, but it keeps people happy.
Surf around the forum a bit and you will find plenty of threads with somewhat, or outright, hostility, but also plenty more to keep things in balance.
Welcome to the forum.
JC |
|
|
| |
|
|
|
|
|
Posted: Aug 14, 2009 - 07:10 AM |
|


Joined: Aug 13, 2006
Posts: 6758
Location: Bellingham, WA - USA
|
|
Not to beat a dead horse, and with no disrespect to the cryptomaniacs, but it really is pathetic that this forum gets precedence over an XMega one. You guys must have some powerful political pull -- got all the Atmel family secrets locked away in your various chips? Dating the boss's daughter?
Well, OK, it is beating a dead horse. But still... |
_________________ Chuck Baird
"It's better to catch the trapeze than test the safety net" -- RPi book
http://www.cbaird.org
|
| |
|
|
|
|
|
Posted: Aug 14, 2009 - 04:33 PM |
|

Joined: Aug 12, 2009
Posts: 12
Location: Atmel Colorado Springs
|
|
| I've emailed the head of marketing for AVR and suggested an XMega forum. It's a different BU, so it's up to them, but it's a reasonable suggestion. |
|
|
| |
|
|
|
|
|
Posted: Aug 14, 2009 - 04:42 PM |
|

Joined: Aug 12, 2009
Posts: 12
Location: Atmel Colorado Springs
|
|
Imagine a medical device that uses disposable attachments such as surgical instruments do. Imagine that a Chinese firm markets cheaper knock-offs of the attachment that bear the same markings as the original.
Our stuff for about a quarter can ensure it's the real thing.
That's the market, or at least one of them.
It's a very high probability that most of you have our products in your lives, and a certainty that you have either ours or a competitor's in your lives. |
|
|
| |
|
|
|
|
|
Posted: Aug 14, 2009 - 04:55 PM |
|


Joined: Jul 18, 2005
Posts: 62922
Location: (using avr-gcc in) Finchingfield, Essex, England
|
|
|
Quote:
It's a very high probability that most of you have our products in your lives,
That's SO true - I just converted the spare bedroom into an operating theatre
Sorry to be facetious - I do understand your point - honest. But what you describe sounds an awful lot like yet another facet of Digital Rights Management and I think all of us have probably been bitten by that and simply annoyed by overly zealous "access management" systems in everyday life.
OTOH I guess that as professional engineers there are times when we'd all like to protect our IPR. We've done it on our own products but we tend to just come up with proprietary ideas just to put off the Saturday afternoon "hacker". If a commercial (Far Eastern?) enterprise is intent on breaking a design it's a pretty fair bet they are going to succeed whatever you do. In fact I've worked for one of the companies in Europe with possibly the tightest content control system there is (Videocrypt from NDS used by BSkyB satellite TV systems) and yet even that has been subject to attack. |
_________________
|
| |
|
|
|
|
|
Posted: Aug 14, 2009 - 06:12 PM |
|

Joined: Apr 08, 2007
Posts: 7
|
|
[/quote]But I find this the most troubling statement of all. It implies that folks at Atmel really believe that only honest folks can get an NDA with them.
First, let's clear up a common misconception. Good security does not rely on any document, whether under NDA or not, to remain secure. The techniques to arrive at such security are the value worth protecting.
Now, as counterintuitive as this may sound, an NDA does not prevent information dissemination. All it does is introduce accountability. Anyone with a controlled NDA document issued to them will have to think twice before laying it around carelessly; after all, they are answerable if that document falls into the wrong hands. They don't have to be honest, but I'm guessing they, like the rest of us humans, have an opinion about talking to lawyers.
eustace |
|
|
| |
|
|
|
|
|
Posted: Aug 14, 2009 - 06:49 PM |
|

Joined: Apr 08, 2007
Posts: 7
|
|
Hello ArnoldB,
We probably both share the same strong emotions towards lawyers. Heck they speak a 'higher' level of language in any culture, clearly beyond my comprehension.
The probable truth is nobody wants to sign NDA unless they have to, and when they do, it's because they see value in doing so - better value than available alternatives. I hope you see how when truly in this position the NDA becomes a stepping stone to a solution.
Now, the good news is that only a small fraction of security products require NDA, and even so, usually on specific and pertinent details like "what is your secret sauce?". Case in point are the families of Crypto Products this forum category is addressing.
I have to say it is a little unfair to security products because the taste is never enough as proof of the pudding - you always have to show more to prove your claims are legit. For everything else, it's enough just seeing the product work - no additional questions asked. How often do product owners in other fields have to disclose the secret algorithm (IP) behind a working product? Who in the consumer crowd asks or even cares?
In order to continue researching and providing such unique value, the crypto guys have to do what it takes to keep the efforts going. There is always room for better suggestions.
eustace |
|
|
| |
|
|
|
|
|
Posted: Aug 16, 2009 - 05:32 AM |
|


Joined: Jun 18, 2001
Posts: 1085
Location: Brisbane Queensland Australia
|
|
Maybe the reason why the ATtiny10 or lower numbers that has just been released recently.
There is something hidden (some layers of crypto) in there we know nothing about.
That is why it is secret.  |
|
|
| |
|
|
|
|
|
Posted: Aug 16, 2009 - 06:14 AM |
|


Joined: Jul 27, 2001
Posts: 7429
Location: St. Leonards-on-Sea (UK)
|
|
Where does all this rubbish about an NDA come from? The LLA (Limited Liability Agreement) that they require is completely different from an NDA!
Leon |
_________________ Leon Heller
G1HSM
|
| |
|
|
|
|
|
Posted: Aug 16, 2009 - 02:06 PM |
|

Joined: Apr 06, 2008
Posts: 415
Location: Singapore
|
|
| LLA or NDA, in any case, I appear to be excluded, unless I download that file in a VM and run it. How hard would it be to have some kind of web-based acceptance form before downloading the datasheet, sort of like how avrstudio is painfully obtainable? |
|
|
| |
|
|
|
|
|
Posted: Aug 16, 2009 - 02:08 PM |
|


Joined: Jan 23, 2004
Posts: 9878
Location: Trondheim, Norway
|
|
|
Quote:
sort of like how avrstudio is painfully obtainable.
Speaking of which, I'm running out of Flintstones characters to put into the form when I need to download each new version. Anyone have any other suggestions for interesting characters I can register?
- Dean  |
_________________ Atmel Studio 6.1 is now released, grab it here.
Report AS6/ASF bugs here.
|
| |
|
|
|
|
|
Posted: Aug 16, 2009 - 02:15 PM |
|

Joined: Apr 06, 2008
Posts: 415
Location: Singapore
|
|
|
abcminiuser wrote:
Anyone have any other suggestions for interesting characters I can register?
What about permutations of first-last name pairs? |
|
|
| |
|
|
|
|
|
Posted: Aug 20, 2009 - 10:58 PM |
|

Joined: Apr 01, 2009
Posts: 19
|
|
In case you did not see the posting on the other thread.
Thank you to all that have chimed in on the concerns over the perceived NDA and LLA requirements on some of the Crypto products. Atmel has revisited these requirements and is in the process of clarifying those requirements and updating the affected product pages on the web site. For the products in question, LLAs will only apply to the crypto libraries. No NDAs will be required for these products released public datasheets.
One additional note: Our CryptoAuthentication family of devices uses a standard SHA-256 Algorithm and does not require an NDA or LLA for use of all documentation including source.
Chris |
|
|
| |
|
|
|
|
|
Posted: Aug 20, 2009 - 11:40 PM |
|


Joined: Jun 15, 2008
Posts: 1779
Location: North Carolina USA
|
|
| Personally I like to use Harcourt Fenton Mudd, the Star Trek con artist. Lots of other obscure name potential there. |
|
|
| |
|
|
|
|
|
Posted: Aug 20, 2009 - 11:42 PM |
|


Joined: Mar 28, 2001
Posts: 20630
Location: Sydney, Australia (Gum trees, Koalas and Kangaroos, No Edelweiss)
|
|
| HEH, I use my real name...what can possibly happen?...what can possibly happen?...what can possibly happen?...what can possibly happen?...what can possibly happen? |
_________________ John Samperi
Ampertronics Pty. Ltd.
www.ampertronics.com.au
* Electronic Design * Custom Products * Contract Assembly
|
| |
|
|
|
|
|
Posted: Aug 21, 2009 - 12:06 AM |
|


Joined: Aug 13, 2006
Posts: 6758
Location: Bellingham, WA - USA
|
|
|
Quote:
I use my real name...
Crypto Roo? |
_________________ Chuck Baird
"It's better to catch the trapeze than test the safety net" -- RPi book
http://www.cbaird.org
|
| |
|
|
|
|
|