| Author |
Message |
|
|
 Posted: Aug 12, 2009 - 12:23 PM |
|
Joined: Jul 02, 2005
Posts: 5933
Location: Melbourne, Australia
|
|
OK, I win. First "cab off the rank" ...
http://www.atmel.com/products/securemem/default.asp
I have an alternative foolproof way of preventing my code being stolen. I make sure it is so bad that no one would ever want to steal it. What is your method?
Cheers,
Ross |
_________________
Ross McKenzie
ValuSoft
Melbourne Australia
|
| |
|
|
|
|
|
|
Posted: Aug 12, 2009 - 12:50 PM |
|
Joined: Jul 18, 2005
Posts: 62230
Location: (using avr-gcc in) Finchingfield, Essex, England
|
|
The great unsolved mystery here is after all the important technologies that a new forum could have been created specially for (Wireless AVR, USB AVR, Xmega?) why on earth has a whole forum been created for such a niche product? Can anyone ever remember seeing any previous thread about Atmel's cryptic(sic) memories?
What next? A forum about FPSLIC? Or battery controllers or... ?
Cliff |
_________________
|
| |
|
|
|
|
|
|
Posted: Aug 12, 2009 - 01:50 PM |
|
Joined: Nov 01, 2005
Posts: 6323
Location: Hilversum - the Netherlands
|
|
We have a saying here in the Netherlands:
Quote:
God's plans are inscrutable
I think the same applies to the Almighty of this Forum.
I hope see "the Light" one day ....
Nard |
_________________
Dragon broken ? Or problems with the Parallel Port Programmer ? Scroll down on my projects-page http://www.aplomb.nl/TechStuff/TechStuff.html for tips
|
| |
|
|
|
|
|
|
Posted: Aug 12, 2009 - 05:24 PM |
|
Joined: Apr 25, 2004
Posts: 3808
Location: Denmark
|
|
I was under the impression that the "Crypto" AVR's were secret unless you signed a NDA agreement.
But this might not be the AVR's , just memory ??
/Bingo |
|
|
| |
|
|
|
|
|
|
Posted: Aug 12, 2009 - 05:57 PM |
|
Joined: Jan 31, 2008
Posts: 675
|
|
|
|
|
|
|
|
Posted: Aug 12, 2009 - 06:08 PM |
|
Joined: Nov 22, 2002
Posts: 12036
Location: Tangent, OR, USA
|
|
This page:
http://www.atmel.com/products/securemem/default.asp
says, at the top,
Quote:
CryptoMemory® – The world's first and only family of EEPROMs with a 64-bit embedded hardware encryption engine, four sets of non-readable, 64-bit authentication keys and four sets of non-readable, 64-bit session encryption keys provide the only low-cost, truly secure means of preventing product counterfeiting and/or piracy.
Three of the referenced data sheets have this note:
Quote:
This self-extracting EXE file includes a click-through limited license agreement (LLA).
Personally, I think it would be more useful to have a forum on the unique features of XMega that regular Mega users don't deal with. Stuff like DMA, fast ADC, DAC, clock multiplication, register banking, and such.
Jim |
_________________
Jim Wagner
Oregon Research Electronics, Consulting Div.
Tangent, OR, USA
"The only thing standing between us and victory is defeat" P.G.Wodhouse in Wooster & Jeeves series
|
| |
|
|
|
|
|
|
Posted: Aug 12, 2009 - 08:04 PM |
|
Joined: Apr 01, 2009
Posts: 19
|
|
| Welcome to everyone, I can see that most of you have been around AVRFreaks a lot longer then me. I represent the “Crypto Products Group” for which this forum was created, we actually have several families of products including CryptoMemory, CryptoCompanion, CryptoController, and our latest family CryptoAuthentication. I apologize for the name of the Forum seeming to be focused on one product (it was not my first choice) we are trying to get it changed to something more representative of our group. I will try to comment on some of your postings but be patient as I am still relatively new to the Site. |
|
|
| |
|
|
|
|
|
|
Posted: Aug 12, 2009 - 08:12 PM |
|
Joined: Jul 18, 2005
Posts: 62230
Location: (using avr-gcc in) Finchingfield, Essex, England
|
|
|
|
|
|
|
|
Posted: Aug 12, 2009 - 09:24 PM |
|
Joined: Apr 01, 2009
Posts: 19
|
|
lawson
I would not call Crypto Products a niche group; If you have not heard of our products then we may be just the best kept secret in Atmel.
Often when you think of security you think of an implementation using a microprocessor. Atmel “Crypto Products Group” produces low cost slave devices that work in conjunction with the microprocessor system to provide many security implementations.
If you need a method to store and/or generate new keys for rolling encryption to protect confidential file protection, or to transmit encrypted media.
Our products come in handy if you need an inexpensive slave device to use in, USB security dongles, access device for physical access control, or electronic locker keys.
When you want a way to verify a device across a network, Wireless link, or Power grid (data over power lines)
Authenticating cartridges or consumables that you want to ensure revenue on, or protect corporate reputation and service cost by preventing use of clones in your system.
If you are looking for a low cost solution to use along side an unsecured micro protect firmware IP from being copied and used in cloned device, or proprietary content from leaking to competition.
If knock off batteries are catching fire in your systems and damaging your reputation, Crypto Products can be used to authenticate batteries.
Authentication devices can be used to Verify software downloads prior to use or encrypt them for use in your system only.
Verify that you daughter cards, development boards, attachments devices, or accessories are authorized for use.
Store Keys, confidential information, monetary transactions/balances, or proprietary information, in user carried cards, fobs, etc.
As you can see there are many reasons that people and companies come to us for our Crypto device. Let me know how I can help you understand our products better.
Chris |
|
|
| |
|
|
|
|
|
|
Posted: Aug 12, 2009 - 09:25 PM |
|
Joined: Apr 01, 2009
Posts: 19
|
|
dbvanhorn:
The executable you are downloading is an installer package for the documents and software you requested. The click through LLA is a disclaimer verifying that the users have read and acknowledged our use policies.
Chris |
|
|
| |
|
|
|
|
|
|
Posted: Aug 12, 2009 - 10:49 PM |
|
Joined: Jun 08, 2002
Posts: 1249
Location: Champaign, IL USA
|
|
| No offense, but there are MANY more Freaks interested in the xMega than the crypto devices. An xMega forum would be very active if it were created. You can give that message to the Powers That Be! This will probably be the last time I visit this particular forum. |
|
|
| |
|
|
|
|
|
|
Posted: Aug 13, 2009 - 08:06 AM |
|
Joined: Dec 15, 2003
Posts: 4402
Location: Slovakia, Bratislava
|
|
| I never really got the whole point of "sign an NDA before seeing our datasheet for a product" - heck, if I were a manufacturer and I was making a product I'd try to advertise the product as much as possible, make the datasheet as available as much as possible. Not "psssst... there's a device you might like, but first sign this.". This is not the only product like this, which is really weird. |
_________________
There are pointy haired bald people.
Time flies when you have a bad prescaler selected.
|
| |
|
|
|
|
|
|
Posted: Aug 13, 2009 - 08:33 AM |
|
Joined: Jan 23, 2004
Posts: 9821
Location: Trondheim, Norway
|
|
|
Quote:
I never really got the whole point of "sign an NDA before seeing our datasheet for a product" - heck, if I were a manufacturer and I was making a product I'd try to advertise the product as much as possible, make the datasheet as available as much as possible. Not "psssst... there's a device you might like, but first sign this.". This is not the only product like this, which is really weird.
Actually, I'd be more inclined to use a security product that had freely available datasheets, if I ever needed them. Security through obscurity is never a good defence, and if the chips were worth anything it wouldn't matter who got to see the datasheets. Similar to how the algorithms to the most secure encryption schemes (Blowfish, etc.) are freely available, yet data encrypted using them still remains so unless the attacker brute forces the password.
Nth'ing the notion to have an XMega forum instead of forum for an only tangentially related product.
- Dean  |
_________________
Atmel Studio 6.1 is now released, grab it here.
Report AS6/ASF bugs here.
|
| |
|
|
|
|
|
|
Posted: Aug 13, 2009 - 09:10 AM |
|
Joined: Jul 18, 2005
Posts: 62230
Location: (using avr-gcc in) Finchingfield, Essex, England
|
|
|
Quote:
If you have not heard of our products then we may be just the best kept secret in Atmel.
 - very good!
(at least the change of forum name makes it a little less "niche" now  ) |
_________________
|
| |
|
|
|
|
|
|
Posted: Aug 13, 2009 - 09:57 AM |
|
Joined: Mar 28, 2001
Posts: 20338
Location: Sydney, Australia (Gum trees, Koalas and Kangaroos, No Edelweiss)
|
|
| Please send me details on how to crack secure devices. This is VERY URGENT for me as I want to retire early. |
_________________
John Samperi
Ampertronics Pty. Ltd.
www.ampertronics.com.au
* Electronic Design * Custom Products * Contract Assembly
|
| |
|
|
|
|
|
|
Posted: Aug 13, 2009 - 12:39 PM |
|
Joined: Dec 11, 2007
Posts: 6843
Location: Cleveland, OH
|
|
WELL....
As the XMega includes an AES/DES engine, perhaps we could Hi-Jack the entire forum and turn it into an XMEga forum.
JC |
|
|
| |
|
|
|
|
|
|
Posted: Aug 13, 2009 - 04:47 PM |
|
Joined: Aug 12, 2009
Posts: 12
Location: Atmel Colorado Springs
|
|
Our chips are based on NSA algorithms such as SHA-256 or AES. If you'd like to crack the algorithm, NSA will contribute to your retirement happily.
Of more interest, though, to the AVR community is the fact that these peripherals solve a specific set of problems and make solutions to those problems possible. |
|
|
| |
|
|
|
|
|
|
Posted: Aug 13, 2009 - 05:32 PM |
|
Joined: Apr 08, 2007
Posts: 7
|
|
Security algorithms only make up a single layer in a security onion. Other layers are stuff like keys, tampers, randomness, etc. A quick search over the internet will reveal that most of the notable algorithms like DES, RSA, SHA-1 etc. all have published weaknesses, but there exist well designed products using these very algorithms that continue to remain secure. Knowing how to build fortresses from sometimes sub par algorithms takes research, money, knowledge, experience etc., and why hand it over so easily to copycats? After all, if the true intentions are legit, why shy away from signing an NDA? It's not really obscurity if signing NDA grants access to all the info, is it?
abcminiuser wrote:
Quote:
I never really got the whole point of "sign an NDA before seeing our datasheet for a product" - heck, if I were a manufacturer and I was making a product I'd try to advertise the product as much as possible, make the datasheet as available as much as possible. Not "psssst... there's a device you might like, but first sign this.". This is not the only product like this, which is really weird.
Actually, I'd be more inclined to use a security product that had freely available datasheets, if I ever needed them. Security through obscurity is never a good defence, and if the chips were worth anything it wouldn't matter who got to see the datasheets. Similar to how the algorithms to the most secure encryption schemes (Blowfish, etc.) are freely available, yet data encrypted using them still remains so unless the attacker brute forces the password.
Nth'ing the notion to have an XMega forum instead of forum for an only tangentially related product.
- Dean
|
|
|
| |
|
|
|
|
|
|
Posted: Aug 13, 2009 - 06:11 PM |
|
Joined: Dec 15, 2003
Posts: 4402
Location: Slovakia, Bratislava
|
|
| Yes, I'm fairly certain that somewhere in China, right now there's a chip copycat sobbing into his pillow, due to the fact that he's not allowed by the datasheet to copy the chip, and his friends are sobbing even more, due to the fact that they can't even read the datasheet, cause they won't agree to the NDA. |
_________________
There are pointy haired bald people.
Time flies when you have a bad prescaler selected.
|
| |
|
|
|
|
|
|
Posted: Aug 13, 2009 - 06:19 PM |
|
Joined: Nov 17, 2004
Posts: 6137
Location: Great Smokey Mountains.
|
|
|
eustace wrote:
After all, if the true intentions are legit, why shy away from signing an NDA? It's not really obscurity if signing NDA grants access to all the info, is it?
But I find this the most troubling statement of all. It implies that folks at Atmel really believe that only honest folks can get an NDA with them. This is foolish beyond belief. It blocks legitimate folks who want to have a peak without the hassle of doing an NDA, but allows any crooked SOB who is willing to take the time to fake an NDA to have full access. The truly disturbing thing is that if the security folks at Atmel can't see this, then how on God's Green Earth could they be trusted to come up with a truly secure technology?
Smiley |
_________________
FREE TUTORIAL: 'Quick Start Guide for Using the WinAVR C Compiler with ATMEL's AVR Butterfly' AVAILABLE AT: http://www.smileymicros.com
|
| |
|
|
|
|
|
FAQ
Search
Register
Log in to check your private messages
Log in
Maximize
RSS
