Author Topic: PS3 security is "epic fail"  (Read 19671 times)

Offline Piru

  • ' union select name,pwd--
  • Hero Member
  • *****
  • Join Date: Aug 2002
  • Posts: 6946
    • http://www.iki.fi/sintonen/
Re: PS3 security is "epic fail"
« on: December 30, 2010, 07:39:54 PM »
Quote from: nicholas;602858
I guess you didn't RTFA.

We now have Sony's private keys that they use to sign the games you buy in the shops.

We can now sign our own homebrew demos/games/OS's using their keys and run them on unmodified PS3's as if they were signed by Sony.
Actually, they haven't yet dug out these particular keys (the keys used to sign games). What they have dug out are the keys used to sign executables. See [youtube]hcbaeKA2moE[/youtube]

As the presentation points out, while the keys used to sign actual Blu-ray game discs have not yet been dug out, it's just a matter of time (and effort).

Quote
No firmware update can do anything to stop this without rendering all previously released titles unusable.
Firmware updates are to be expected, but since there are ways to downgrade, it won't be a problem, at least from the homebrew point of view. However, it becomes a problem if you want to pirate games: new games will require a new, bugfixed firmware to run.

I predict emulation of new firmwares in the future, similar to what can be seen with the PSP: the emulator will run on top of the hacked system, appearing as the latest unhacked system to the game, making it perfectly happy to run.

Offline Piru

Re: PS3 security is "epic fail"
« Reply #1 on: December 30, 2010, 07:45:11 PM »
Quote from: olsen;602913
Any sufficiently mature design, intended to remain operational for at least a decade, would include a protocol for revoking and replacing keys and cryptographic algorithms.

If I remember correctly, the Blu-Ray system is prepared to be upgraded if the keys which enable it to work should be compromised. As the design came out of Sony, just like the PS3, I expect that the PS3 has the same kind of layered security defense.

If you see the full presentation, the situation is explained quite well. It is trivial to overwrite any revocation lists, totally breaking the chain of trust.

Offline Piru

Re: PS3 security is "epic fail"
« Reply #2 on: December 30, 2010, 07:46:56 PM »
Quote from: olsen;602913
Any sufficiently mature design, intended to remain operational for at least a decade, would include a protocol for revoking and replacing keys and cryptographic algorithms.

If I remember correctly, the Blu-Ray system is prepared to be upgraded if the keys which enable it to work should be compromised. As the design came out of Sony, just like the PS3, I expect that the PS3 has the same kind of layered security defense.

If you see the full presentation, the situation is explained quite well. It is trivial to overwrite any revocation lists, totally breaking the chain of trust. Also, there's a reliable way to downgrade from whatever update Sony might come up with. In short: Sony is screwed.

Offline Piru

Re: PS3 security is "epic fail"
« Reply #3 on: December 30, 2010, 07:51:56 PM »
Quote from: JJ;602883
It's NOT a HACK as an earlier poster said; the software will be exactly the same as Sony had released it. No alterations or tricks or anything needed.
Actually, currently you need to hack the PS3 with the USB dongle. This will change once the disc keys (and any other keys that might be needed) have been recovered. Later on this should change, however.
« Last Edit: December 30, 2010, 07:54:41 PM by Piru »

Offline Piru

Re: PS3 security is "epic fail"
« Reply #4 on: December 30, 2010, 08:09:08 PM »
Quote from: olsen;602922
Yes, you are correct. I just watched the last 15 minutes of the presentation, and this looks as bad as it gets. The Sony designers certainly ticked all the right boxes and threw the right algorithms at the task (anybody not using ECC and AES these days?), but what did them in was likely a trivial programming error in the code that was supposed to supply proper cryptographic random numbers to the ECC implementation.
Actually I don't believe it to be an error per se. They just failed to realize that "random number x" actually meant "new random number x every time", while elliptic curve crypto documentation is quite clear about it. This is the epic part in the fail.

Quote
Makes you wonder whether the crypto was properly reviewed by a separate team, or if the same guys who wrote it also reviewed and "certified" it. My guess is that it's probably the latter. With that much at stake (Blu-Ray security, PSN security, etc.), this is exactly the kind of process you must not scrimp on. But it happens all the time, even for organizations which ought to know better.
Indeed. Bruce Schneier summarized it pretty well: http://www.schneier.com/essay-028.html

I personally would never even imagine trying to build my own crypto. It's just too easy to fail. I'm perfectly happy to use ready-to-use and proven solutions such as those provided by OpenSSL.

Here's another recent crypto failure:
HDCP 'master key' supposedly released, unlocks HDTV copy protection permanently
(well, not that recent, as it was predicted ages ago that the thing was broken... oh, no one listened)

And here's one somewhat older (well, newer really ;)) case that was really serious:
Debian OpenSSL Predictable PRNG Toys
« Last Edit: December 30, 2010, 08:16:54 PM by Piru »