Some points about the security of "crypto dongles" and other personal security devices. Phil Karn writes:
Much better for this application is the PCMCIA standard, which has plenty of room for circuitry.
I had this in mind too. But there's a problem -- if we have to depend on commercial manufacturers to build these things, how will we know if we can really trust them? I'm not impugning the manufacturers themselves, as it's entirely possible that the FBI and/or NSA wouldn't even let them build and sell a device like this if it's "too" secure.
The crucial chips could be built under "open inspection" conditions, much like having source code for inspection prior to compilation on one's own--presumably trustworthy--machines. Several such vendors could be used, with independent auditors observing the processing steps throughout. (Merely the threat of a surprise inspection is probably enough to head off obvious attempts to insert hardware trapdoors and the like.) This seems like a solvable problem.

The issue of whether the NSA will let such devices be built is interesting. There was the story of the "PhasorPhone," or somesuch, from some years back, with the story that the inventor, in Seattle, filed a patent application and got back a statement that the device was now classified and could not be talked about (let alone marketed). However, I've heard of no such cases recently. Other countries have excellent wafer fab facilities and could of course build the chips and the complete units. Whether Americans could buy them....

Tamper-Responding Modules (TRMs)

Robert Brooks mentions using e-beam probers to read the bits out, and various etches, etc. TRMs came up several weeks ago on this list, and are mentioned in the Glossary posted a few days ago. Even if the TRMs can eventually be gotten into, probably at high cost, they will in most cases leave signs of having been opened, analyzed, probed, etc. (that's the "responding" part of TRM). The nuclear weapons people at Sandia and elsewhere (Russia, one now hopes) have been dealing with the problem for several decades. Some of their work has filtered out to the public literature. Smartcards often have basic TRM methods applied to them. If there's interest, I can summarize.

--Tim

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | PGP Public Key: by arrangement.