Just to clarify... I'm NOT saying that any particular piece of "secure" hardware can never be broken. Steve Weingart (the hw security guy for the 4758) used to insist that there was no such thing as "tamper-proof." On the HW level, all you can do is talk about what defenses you tried, what attacks you anticipated, and what tests you tried.
What I am saying is that using "secure coprocessors"---defined loosely, to encompass this entire family of tokens---can be a useful tool. Whether one should use this tool in any given context depends on the context. Are there better alternatives that don't require the assumption of physical security? How much flexibility and efficiency do you sacrifice if you go with one of these alternatives? How dedicated is the adversary? What happens if a few boxes get opened? How much money do you want pay for a device? Some cases in point: it's not too hard to find folks who've chosen a fairly weak point on the physical security/cost tradeoff, but still somehow manage to make a profit. Of course his all still leaves unaddressed the fun research questions of how to build effective coprocessors, and how to design and build applications that successfully exploit this security foundation. (Which is some of what I've been looking into the last few years.) --Sean -- Sean W. Smith, Ph.D. [EMAIL PROTECTED] http://www.cs.dartmouth.edu/~sws/ (has ssl link to pgp key) Department of Computer Science, Dartmouth College, Hanover NH USA --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]