On Sun, Sep 08, 2013 at 02:34:26PM -0400, Perry E. Metzger wrote:
> Any other thoughts on how one could sabotage hardware? An exhaustive
> list is interesting, if only because it gives us information on what
> to look for in hardware that may have been tweaked at NSA request.

I'd go for leaking symmetric cipher key bits into exposed RNG output:
nonces, explicit IVs, and the like.  Crypto hardware with "macro" or
"record" operations (ESP or TLS record/packet handling as a single
operation; TLS or IKE handshake, etc.) offers ample opportunities for
this, but surely it could be arranged even with simpler hardware that
just happens to accellerate both, let's say, AES and random number

The cryptography mailing list

Reply via email to