In principle, the malevolent crypto accellerator could flip into weak mode 
(however that happens) only upon receiving a message for decryption with some 
specific value or property.  That would defeat any testing other than constant 
observation.  This is more or less the attack that keeps parallel testing of 
electronic voting machines from being a good answer to the security concerns 
about them.

The cryptography mailing list

Reply via email to