mgraffam
Fri, 22 Jun 2001 15:00:42 -0700
On Fri, 22 Jun 2001, Jim Rees wrote:

> Ok, so you have a bunch of executables and a table of pre-computed CRC's.
>
> No, you have a bunch of executables, and for each you have a crypto hash
> signed with a private key.

Ok.

> You could store the public key in the secure rom, but this guy wants to use
> a smart card, presumably because he wants to be able to re-key. Of course
> the card and the secure hardware still have to share a key (or key pair) so
> they can mutually authenticate.

Ok, well let's see .. the signatures of each bin can be stored on the smartcard along with a patched kernel. Ok, that will work so long as the hardware is intact. Speed may be a slight issue, but I doubt it will be all that bad.

The hacker will just replace the CPU and ROMs of the machine that require the smartcard to boot, that's all.

I know that we like to ignore this fact, but the case of the Net-appliance that was hacked was mentioned. Did you know that people replace the processors and ROMs in those things for FUN, to give better performance? Small companies will start up selling kits to hack the machine, all that will be required in the end is the ability to solder. And that is the obvious hack -- some brilliant minds will likely find an easier way.

I really don't think that there is a solution short of secure, tamper-resistant hardware. And giving away that sort of stuff isn't all that cost-effective.

--
Michael Graffam ([EMAIL PROTECTED])

***************************************************************
Linux Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/smartcard/index.html
***************************************************************