On Sun, Sep 08, 2013 at 02:34:26PM -0400, Perry E. Metzger wrote:
>
> Any other thoughts on how one could sabotage hardware? An exhaustive
> list is interesting, if only because it gives us information on what
> to look for in hardware that may have been tweaked at NSA request.

I'd go for leaking symmetric cipher key bits into exposed RNG output: nonces, explicit IVs, and the like. Crypto hardware with "macro" or "record" operations (ESP or TLS record/packet handling as a single operation; TLS or IKE handshake, etc.) offers ample opportunities for this, but surely it could be arranged even with simpler hardware that just happens to accelerate both, let's say, AES and random number generation.

Thor