Mike Duvos writes:
perry@piermont.com ("Perry E. Metzger") writes:
Why not? If the card knows its own key, then someone else can probably get the key out by some nasty mechanism.
There is no physical difference between cards. The key information is stored in EEPROM, and the links which permit the EEPROM to be written are burned after programming is complete. The EEPROM data is then only accessible to intimately associated circuitry in its vicinity.
Or to people with access to scanning microscopy techniques like STMs or AFMs. I suspect that there are lots of techniques that can be successfully used. It used to be that using them required the sort of facilities only available at a large semiconductor manufacturer, but now I suspect that it would be easy for a student at a major university, and probably less easy, but still perfectly feasible, for a person working at home with lots of sophisticated but fairly available equipment like STMs.
Presumedly the state of the EEPROM cannot be deduced by any external examination of the card, and any attempt to incrementally abrade the card down to the relevent circuit elements should completely obliterate the minute charge differences which represent the data.
They aren't immune to the laws of physics. If it can be put together, it can be taken apart. I can even surmise HOW it can be taken apart.
At least, that's the theory. The Europeans trust this technology well enough to let it represent real money, so presumedly they do not consider hacking a possibility.
The Americans trust their money to the notion that no counterfeiter can afford to pay a million or so for an intaglio press. Do you think this is likely? In any case, I notice that the claim has changed. Before, it was claimed, speciously, that modern cryptography could solve this problem. Now it is claimed that the security of the system depends entirely on keeping the user from breaking in to a piece of equipment that they have physical possession of. Pretty different story, eh?
Perhaps our resident VLSI and Alpha Particle expert, Timothy C. May, could give us a guess as to whether Perry's "Nasty Mechanism" is more or less likely than Maxwell's "Daemon."
I think he'll tell you that he doesn't know how much effort it will take but that Intel's labs probably could manage it and that they probably couldn't manage to build Maxwell's Demon. Perry