.pm writes:
Why not? If the card knows its own key, then someone else can probably get the key out by some nasty mechanism.
One of the earliest breaks of the Videocipher II analog satellite descrambler back in 1986 was based on twiddling with the timing and electrical characteristics of the chip clock on the supposedly tamperproof TMS 7000 crypto microprocessor until it started to misexecute instructions. By chance, some PROM code that allowed reading the secret seed keys used by each individual box to decode master keying messages addressed to it happened to be a few instructions after some other code normally accessible by issuing commands to the chip. One kept issuing those commands while corrupting the clock until the chip misexecuted the branch at the end of the public code and fell into the otherwise inaccessible code that allowed access to the seed keys. So yes, this has already been done in one real case of cryptosystem defeat. For a while, it was the standard method of obtaining seed keys from VC-II boards. Later versions of the ROM code removed that vulnerability.

Dave