bram (bram@gawth.com)
Wed, 5 Aug 1998 10:43:20 -0700 (PDT)
On Tue, 4 Aug 1998, Bill Stewart wrote:
> At 06:52 AM 8/5/98 +1000, proff@iq.org wrote:
> >This is why hardware algorithms without sub-liminal channels are
> >so important.
>
> Unfortunately, you're correct here. The problem is that
> the algorithm I most want a system to use, Diffie-Hellman,
> is easy to put subliminal channels in if you're using it in the
> new-key-every-time mode for perfect forward secrecy.
Isn't this a general problem with any sort of public-key encryption? The
thing which gets encrypted is generally a key coupled with an IV, and both
of those are nothing but nice fat subliminal channels.
The reasonably straightforward fix in hardware is to have the encryption
chip get its random numbers from something else, hopefully a PRNG piece
of hardware made by a different manufacturer, and have that get its
random numbers from somewhere else, hopefully an RNG piece of hardware
from a third manufacturer.
-Bram
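Bram's chained-source design, as an added Python sketch that is not part of the thread: the encryption stage derives the session key and IV purely from randomness handed down by the upstream stages, so a verifier who holds the upstream seed can recompute what the chip should have emitted and flag a chip that substituted values of its own choosing. The three stage names, the HMAC counter-mode PRNG, the constructed seed and the audit function are all assumptions of this example.

```python
import hashlib
import hmac

# Stage 3 (third manufacturer): a true RNG. Stood in for here by a fixed,
# constructed seed so the run is reproducible; in practice this is hardware.
CONSTRUCTED_TRNG_OUTPUT = bytes.fromhex("00112233445566778899aabbccddeeff")


def prng_block(seed: bytes, counter: int) -> bytes:
    """Stage 2 (second manufacturer): a deterministic PRNG expanding the
    TRNG seed. HMAC-SHA256 in counter mode; anyone holding the seed can
    recompute every block, which is what makes the chip auditable."""
    return hmac.new(seed, counter.to_bytes(4, "big"), hashlib.sha256).digest()


def derive_key_iv(random_in: bytes):
    """Stage 1 (encryption chip): the key and IV that get public-key
    encrypted are pure functions of the randomness supplied to the chip,
    leaving it no freedom to pick them itself."""
    key = hashlib.sha256(b"key|" + random_in).digest()[:16]
    iv = hashlib.sha256(b"iv|" + random_in).digest()[:16]
    return key, iv


class HonestChip:
    """Uses exactly the randomness it is given."""

    def new_session(self, random_in: bytes):
        return derive_key_iv(random_in)


class SubstitutingChip:
    """Models a chip that ignores the supplied randomness and emits values
    it chose internally. The audit does not care what those values carry;
    any deviation from the recomputable ones is enough to reject the chip."""

    def __init__(self, own_choice: bytes):
        self.own_choice = own_choice

    def new_session(self, random_in: bytes):
        return derive_key_iv(self.own_choice)


def audit_session(chip, seed: bytes, counter: int) -> bool:
    """Recompute the key/IV the chip must have produced for this session and
    compare with what it actually emitted (key recovered by the legitimate
    recipient, IV read off the wire)."""
    supplied = prng_block(seed, counter)
    return chip.new_session(supplied) == derive_key_iv(supplied)
```

Run the audit over many sessions in a test rig rather than once; a substituting chip that only occasionally deviates is still caught on the sessions where it does.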