On Thu, Jul 27, 2006 at 08:53:26PM -0600, Anne & Lynn Wheeler wrote: > > If you treat it as a real security chip (the kind that goes into > smartcards and hardware token) ... it eliminates the significant > post-fab security handling (prior to finished delivery), in part to > assure that counterfeit / copy chips haven't been introduced into the > stream .... with no increase in vulnerability and threat.
I don't get it. How is there "no increase in vulnerability and threat" if a manufacturer of counterfeit / copy chips can simply read the already generated private key out of a legitimate chip (because it's not protected by a tamperproof module, and the "significant post-fab security handling" has been eliminated) and make as many chips with that private key as he may care to? Why should I believe it's any harder to steal the private key than to steal a "static serial number"? Thor --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
