Aloha! Peter Gutmann skrev:
So RAM state is entropy chicken soup, you may as well use it because it can't make things any worse, but I wouldn't trust it as the sole source of entropy.
Ok, apart from the problems with reliable entropy generation. I'm I right when I get a bad feeling when I think about the implications of how the device ID is established.
As I understand it, the device itself doesn't know it's ID. Instead you repeatedly send over mem dumps to the reader which then extracts what it (to some estimated degree) consider to be the correct ID.
Wouldn't a "simple" thing like a challenge response and become much more complicated - and insecure?
Basically the device goes from saying: "I'm ID XYZ and to prove it by providing the following response to your challange", to "I'm an amnesiac device and here are my mem dump", please calculate my ID (please remember to power-cycle me x times) and then I'll send a response."
Also, wouldn't the ID-scheme presented in the paper take a very long time. Transferring 256 Bytes * x times + hamming calc (by the host) vs reading 64 bits (or similar ID length)?
I give the paper plus marks for novelty, but can't see how to use this in a secure, practical and cost efficient way.
-- Med vänlig hälsning, Yours Joachim Strömbergson - Alltid i harmonisk svängning. ======================================================================== Kryptoblog - IT-säkerhet på svenska http://www.strombergson.com/kryptoblog ======================================================================== --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
