Mike Rosing
Thu, 17 Oct 2002 09:50:11 -0700
On Thu, 17 Oct 2002, Tyler Durden wrote: > If crypto is performed by hardware, how sure can users/designers be that it > is truly secure (since one can't examine the code)? Is there any way to > determine whether standard forms of encryption have been monkeyed with in > some way (ie, to make those with certain backdoor keys have access at will, > and yet still conform to he standard as far users can see)? > And, are hardware-based encryption implementations considered suspect from > the standard by the more "careful" parts of the crypto community? > As long as it puts out the correct data for any set of input keys you can verify it easily. A logic analyzer can verify there are no additional data blocks being shipped around the system. The only thing you can't really check is a physical back door where someone with a special connector can tap the chip and dump some internal memory (like a key holding block). Since that's not economicly viable (there are easier ways to steal keys) it's not worth worrying about. So "trust but verify" is still a good idea. Patience, persistence, truth, Dr. mike