Re: [Muscle] Re: SSP smart card

Sat, 16 Aug 2003 14:25:36 -0700

Scott Guthery wrote:
Interesting discussion.
Conjecture I: Smart card software has more in common with cryptographic
algorithms than with computer operating systems.
None of us (I assume) would use a cryptographic algorithm without being provided every technical detail of the algorithm and assurance that the realization
we planned to use faithfully implemented these details. Cryptographic security flows from key secrecy, not algorithm secrecy.
There is a long history of smart card manufacturers and smart card issuers
embedding backdoors in smart card software. Witness the weak algorithms and keys in GSM SIMs and http://www.parodie.com/humpich/home.htm/
Conjecture II: If you as a card issuer or cardholder can't analyze the source
code of the smart card operating system in your card and insure that what is in the card you hold is exactly the code you have analyzed, you are playing
at security. 

I think that the same can be said for electronic voting systems such
as those from companies like Diebold. I think that it would go a long
way towards aleviating the public's distrust of such voting systems
if the companies producing such systems weren't do secretive of their
source code.

Unless, of course, their code is so bad that it is just full of holes
waiting to be exploited.

mike

--
----------------------------------------------------------------------------
  Michael Bender                       E-Mail: [EMAIL PROTECTED]
  Sun Microsystems, Inc.                  Tel: 831-401-9510
  14 Network Circle                       Tel: x.31807
  Menlo Park, Ca. 94025
  Mailstop: UMPK14-260                    MD: VPN/IMAP

Never give up! Never surrender!

----------------------------------------------------------------------------

****************************************************************************

              SunNetwork 2003 Conference and Pavilion
  "An unparalleled event in network computing! Make the net work for you!"

                WHEN:  September 16-18, 2003
               WHERE: Moscone Center, San Francisco

For more information or to register for the conference, please visit:

http://www.sun.com/sunnetwork

****************************************************************************

_______________________________________________
Muscle mailing list
[EMAIL PROTECTED]
http://lists.musclecard.com/mailman/listinfo/muscle

Reply via email to