Karl Katewu
Mon, 25 Jun 2001 01:02:45 -0700
Please note that I have been receiving emails which are not meant for me. This has started since I joined your mailing list. Please can you look into it so I no longer receive your email. Karl Katewu [EMAIL PROTECTED] ----- Original Message ----- From: <[EMAIL PROTECTED]> To: Smart Muscleheads <[EMAIL PROTECTED]> Sent: Friday, June 22, 2001 11:17 PM Subject: Re: MUSCLE Disk encryption and more > On Fri, 22 Jun 2001, Jim Rees wrote: > > > Ok, so you have a bunch of executables and a table of pre-computed CRC's. > > > > No, you have a bunch of executables, and for each you have a crypto hash > > signed with a private key. > > Ok. > > > You could store the public key in the secure rom, but this guy wants to use > > a smart card, presumably because he wants to be able to re-key. Of course > > the card and the secure hardware still have to share a key (or key pair) so > > they can mutually authenticate. > > Ok, well lets see .. the signatures of each bin can be stored on the > smartcard along with a patched kernel. Ok, that will work so long as the > hardware is intact. Speed may be a slight issue, but I doubt it will > be all that bad. > > The hacker will just replace the CPU and ROMs of the machine that > require the smartcard to boot, thats all. I know that we like to ignore > this fact, but the case of the Net-appliance that was hacked was > mentioned. Did you know that people replace the processors and ROMs in > those things for FUN, to give better performance? > > Small companies will start up selling kits to hack the machine, all that > will be required in the end is the ability to solder. > > And that is the obvious hack -- some brilliant minds will likely find an > easier way. > > I really don't think that there is a solution short of secure, > tamper-resistant hardware. And giving away that sort of stuff isn't all > that cost-effective. > > -- > Michael Graffam ([EMAIL PROTECTED]) > > > *************************************************************** > Linux Smart Card Developers - M.U.S.C.L.E. > (Movement for the Use of Smart Cards in a Linux Environment) > http://www.linuxnet.com/smartcard/index.html > *************************************************************** > *************************************************************** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***************************************************************