TIS--Building in Big Brother for a Better Tommorrow
Adam Shostack
adam at lighthouse.homeport.org
Sat Feb 24 11:48:04 PST 1996
Faking crypto chips for public algorithims is theoretically
more difficult, because its simple to create a DES_verify routine to make
sure your DES chip is working right. Its more difficult to
near-impossible if the chip picks the key, as it must to avoid easy
rouge implementations.
If the rouge implementation can choose a key, then it can
pre-calculate the appropriate checksum, and then simply tell the other
unit "We're going to use this key." Thus, keys need to be chosen by
the chip, making it tough to see if the chip is functioning properly.
I suspect the NSA knew this.
For more on rouges, see Matt Blaze's paper, on
ftp.research.att.com/dist/mab/keyescrow or somesuch.
jim bell wrote:
| I noted long ago that one disadvantage with having a single, standardized
| encryption chip (like Clipper, even with the key-escrow un-enabled) is that
| the NSA has plenty of money in its budget to build a fake chip that can be
| installed during a black-bag job. True, if they could fake one chip they
| could fake 10, but it's harder to do and the demand for any single kind of
| chip might drop to one per year. Unfortunately, a sufficiently-complex
| FPLD would probably sub for anything if it were in the right package...
|
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
More information about the cypherpunks-legacy
mailing list