Peter Gutmann wrote:
Thierry Moreau <[email protected]> writes:
As a derived engineering strategy, wouldn't it be better to design a system
where the long-term secrets are kept in a "secure" co-processor,
Yes, of course, but that's asking the wrong question, what you need to ask is:
As a product manufacturing strategy, should we put money into designing a
system where the long-term secrets are kept in a "secure" co-processor,
and the answer to that is almost always "no". Heck, even if you phrase it as
"should we use the TrustZone capabilities that are *alreay built into the
chip*" or "I'd love to use the integrated crypto, I'll do it at no cost as a
design exercise" the answer has been "no". The extra stuff costs, not just
in BOM and NRE terms but in terms of future compatibility, support, custom
functionality, ...
The above citation is truncated. Let me re-phrase the original question:
Between
1) a host plus a "secure" co-processor, and
2) a host plus some H/W for true random source
(with their life cycle costs as indicated above), wouldn't it be more
efficient (for overall system security) to procure 1) first.
By the way, yes, the market for these things seem tiny.
So, back to the designer board, once you have the "secure" co-processor,
you have the luxury of running a large state PRNG within a "secure"
processor boundary, and you have less dependency on high speed true
random source.
Regards,
--
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, QC, Canada H2M 2A1
Tel. +1-514-385-5691
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
