Understanding the WPA Whitepaper

Following Fully Licensed GmbH's public release of a highly technical whitepaper filled with revelations of the secrets behind Windows Product Activation, many users have rushed to read the findings only to find them downright confusing and cryptic. BetaNews sat down with Thomas Lopatic, one of the paper's authors, to gain further insight into the research - minus the technical jargon.

Thomas Lopatic: Thanks for your interest in our WPA paper. We appreciate your efforts to make its contents available to a much wider audience. As the primary author of the paper, I'll answer the questions you sent to Matthias.

BetaNews: Did Microsoft commission or support this study in any way?

Lopatic: Microsoft was not involved in the creation of the paper in any way. However, we made a draft version available to Microsoft to give them a head-start. We consider it to be good etiquette to inform a vendor of a pending publication related to one of the vendor's products, so that the vendor can prepare an official response to the publication.

BetaNews: Your conclusions validate Microsoft's claim that product activation errs on the side of the users. Can you simply state how you came to that conclusion, keeping in mind that many of our readers are not from a technical background?

Lopatic: Unfortunately we cannot say anything about whether Microsoft will err on the users' side. What our paper shows is that a) no sensitive information is transferred to Microsoft and b) typical, i.e. relatively small, hardware upgrades do not negatively affect an already activated installation of Windows XP. *BUT*, if you either completely re-install Windows XP or modify your hardware beyond what's tolerated by product activation, you *DO* have to re-activate Windows XP. The important question is now: Will Microsoft let you re-activate? How often will they let you re-activate? Erring on the users' side would mean that they allow you to re-activate as often as you like. Our paper does not say anything about their policy towards this matter. This question can only be answered by Microsoft themselves.

So, while we can analyze what information is transmitted to Microsoft and under which circumstances re-activation is required, we do not know anything about Microsoft's policy concerning the number of times you are allowed to re-activate. Microsoft's claim to err on the users' side suggests that you can re-activate as often as you like. However, this is not verifiable by us.

BetaNews: Please elaborate on how Product Activation respects a user's privacy. How do you define privacy?

Lopatic: Product activation respects a user's privacy, because the activation process does not reveal information that we consider sensitive. Sensitive information would be a user's hardware configuration. But many hardware configurations map to the same hardware ID. So, if you have a hardware ID, it is not possible to uniquely identify the actual hardware configuration that the ID was derived from - just because there are so many different hardware configurations that the ID could have been derived from.

Let us consider the MAC address of an Ethernet adapter. It is a 48-bit value, which means that it can have one of 281,474,976,710,656 different values. However, in the hardware ID, it is represented by a bit-field of merely 10 bits, which allows only 1,024 different values to be stored. So, on average, 281,474,976,710,656 / 1,024 = 274,877,906,944 MAC addresses map to the same bit-field value. Because of this loss of information, nobody will be able to guess the actual MAC address from the value contained in the 10-bit bit-field, since there are 274,877,906,944 candidate MAC addresses from which the bit-field value could have been derived.

BetaNews: In the conclusion it is stated that, "From the above real-world example we know that the PX-32TS maps to the value 0x37 = 55. But there are probably many other CD-ROM drives that map to the same value. Hence, it is impossible to tell from the bit-field value whether it is a PX-32TS that we are using or one of the other drives that map to the same value." Does this outline a flaw in product activation?

Lopatic: Yes, this is a theoretical weakness in Microsoft's scheme. Since there is, for example, more than one MAC address that maps to a certain bit-field value (274,877,906,944 MAC addresses as calculated above to be precise), there are many network adapters out there that actually map to the same bit-field value. If you swap your network adapter for one that yields the same bit-field value, WPA does not notice. However, the problem will be finding one that maps to the same bit-field value. On average only one in 1,024 adapters - the bit-field is 10 bits and thus allows the representation of 1,024 different values - will fit.

BetaNews: Thank you for your time, Mr. Lopatic.
