Re: A89: U.S. Encryption Laws



On Fri, 3 Dec 1999, Johan wrote:
> On Fri, Dec 03, 1999 at 09:21:02 +0200, Risto Järvinen wrote:
> > Instead RSA could be used to make a digital signature on programs and the
> > calc would refuse to run them.  This wouldn't protect the programs from
> > being pirated (you can copy them but they won't run on another calc) but
> > it'd let the calculator be exported.
>
> The MD5 algorithm is used to make a digital signature and this signature is
> encrypted (by TI) using RSA. The calculator decrypts this and verifies the
> checksum, if it doesn't match the app is deleted.

That's what I thought, too.  That would explain why TI wants to sign all
software:  nothing stops you from copying software but software checks
your serial number and self-destructs if it isn't right.  And you can't
modify software to accept your serial because it's signed because calc
checks signature. And TI wants to moderate signed programs so you can't
sign your modified software.

It also explains the 8kB RAM limit:  You could modify FLASH apps to run in
RAM, so TI blocked that also.

Nice scheme but the fact that you must pay to sign your programs totally
kills free software.  I mean, few are generous enough to pay to give out
software.  IMHO, TI should give signatures free for non-profit use.


> > Plus if calculator actually decrypts something using RSA, it means that it
> > has the 'private key', so you could just disassemble the ROM to find it
> > out.  Authenticating digital signature needs only the 'public key' while
> > signing requires the 'private'.
> Right and wrong. It's true that authenticating requires the public key, and
> that's why you will *not* find the private key in the ROM. Only TI knows the
> private key, and only TI can sign apps/ROMs.

Hm.  I must have said it unclearly because what you said is the same I
meant :-)  Checking authenticity : public key.  Signing software : private
key.  So, we just have to crack the private key :-P


	- Riba
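
The point both posters agree on, as an added example that is not part of the original thread: a device that checks a signature needs only the public key, and any change to the program makes the check fail. The key is a constructed toy key, and the unpadded RSA-over-MD5 layout and the function names are assumptions for illustration, not TI's actual format.

```python
import hashlib
from math import gcd

# Constructed toy key built from two Mersenne primes; far too small for real use.
P, Q = 2**89 - 1, 2**107 - 1
N, E = P * Q, 65537           # public key: the only key material the verifier stores
PHI = (P - 1) * (Q - 1)
assert gcd(E, PHI) == 1
D = pow(E, -1, PHI)           # private exponent: stays with the signer, never on the device


def digest(app: bytes) -> int:
    """MD5 digest of the program image as an integer (128 bits, so always < N).

    MD5 is used because the thread names it; it is not collision resistant.
    """
    return int.from_bytes(hashlib.md5(app).digest(), "big")


def sign(app: bytes, d: int = D, n: int = N) -> int:
    """Signer side: requires the private exponent d."""
    return pow(digest(app), d, n)


def verify(app: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Device side: uses only the public pair (n, e)."""
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest(app)


if __name__ == "__main__":
    app = b"constructed sample program image"
    sig = sign(app)
    print("original verifies:", verify(app, sig))
    patched = app.replace(b"sample", b"hacked")   # any modification changes the digest
    print("patched verifies: ", verify(patched, sig))
```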



