proff@iq.org
Wed, 5 Aug 1998 06:52:22 +1000 (EST)
-- Start of PGP signed section.
> In <199808041827.OAA19518@homeport.org>, on 08/04/98
> at 02:27 PM, Adam Shostack <adam@homeport.org> said:
>
> >NTT and RSA Japan.
>
> >The chips are not exportable under new regulations imposed by (as I
> >recall) MITI.
>
> I am rather underwhelmed by hardware-based crypto. There is just no way of
> verifying that these systems are doing what they claim to be doing. It is
> just too easy to fudge the books without anyone knowing.
>
> Perhaps I am getting too cynical in my old age but there are no big
> electronics shops that I would trust to build crypto hardware. They are
> all too dependent on government contracts.

This is why hardware algorithms without subliminal channels are
so important. If your (trusted) software algorithms are subliminal
channel free, and the hardware is forced to interoperate with
them, then back-doors are (almost) a non-issue. I say `almost',
because although the device isn't going to be randomly leaking
keybits, it may be responsive to an active attack, e.g. chosen
plaintext triggers, RF stimulation, or a preset timer. However, this
is likely to cause interoperability problems. The important
question is, can those problems be falsely attributed to some other
cause (e.g. signal errors)?

Cheers,
Julian.
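
An added illustration of the interoperability check discussed above (not part of the original message): a device is compared against a trusted software reference for a deterministic algorithm, and each mismatch is classified by whether it reproduces on retry. HMAC-SHA256 as the algorithm, the device modelled as a Python callable, the retry count, and all names and sample values are assumptions made for the example.

```python
import hashlib
import hmac

def reference(key: bytes, msg: bytes) -> bytes:
    """Trusted software side. HMAC-SHA256 is an assumed stand-in for any
    deterministic algorithm: one valid output per input, no free bits."""
    return hmac.new(key, msg, hashlib.sha256).digest()

def cross_check(device, key, messages, retries=3):
    """Run each message through the device `retries` times and compare with
    the reference. Verdicts: ok, transient (some runs matched, some did not),
    reproducible (no run matched, so line noise is not a credible cause)."""
    report = []
    for msg in messages:
        expected = reference(key, msg)
        hits = [hmac.compare_digest(device(key, msg), expected)
                for _ in range(retries)]
        verdict = "ok" if all(hits) else "transient" if any(hits) else "reproducible"
        report.append((msg, verdict))
    return report

def flip(out: bytes) -> bytes:
    """Corrupt one byte so the output certainly differs from the reference."""
    return bytes([out[0] ^ 0xFF]) + out[1:]

def make_flaky(device, bad_call):
    """Constructed model of a one-off signal error on call number bad_call."""
    calls = 0
    def wrapped(key, msg):
        nonlocal calls
        calls += 1
        out = device(key, msg)
        return flip(out) if calls == bad_call else out
    return wrapped

TRIGGER = b"\x00constructed-trigger"  # constructed value, not from the post

def triggered_device(key, msg):
    """Constructed model of a device that leaves the spec on one chosen input."""
    out = reference(key, msg)
    return flip(out) if msg.startswith(TRIGGER) else out

KEY = b"k" * 32                               # constructed sample key
MESSAGES = [b"a", b"b", TRIGGER + b"x"]       # constructed sample inputs

if __name__ == "__main__":
    for name, dev in [("honest", reference), ("flaky", make_flaky(reference, 2)),
                      ("triggered", triggered_device)]:
        print(name, [v for _, v in cross_check(dev, KEY, MESSAGES)])
```

The retry heuristic only separates errors that repeat from errors that do not; a device that deviates once and then behaves would still be reported as "transient", so those inputs are worth recording too.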
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:10:55