Intel Security processor + a question
camera_lumina at hotmail.com
Fri Oct 18 08:54:54 PDT 2002
OK...a follow up question (actually, really the same question in a diferent
Let's say I had a crypto chip or other encryption engine, the code of which
I could not see. Now what if someone had monkeyed with it so that (let's
say) the pool of prime numbers it drew from was actually a subset of the
real pool that should be available for encryption. Let's also say that
"somebody" knows this, and can search byte streams for known strings of
products of these primes. They can then break this cypherstream very easily.
Meanwhile, someone who doesn't know that the code's been tampered with can
try to break the cypherstream using traditional brute force methods, and it
will appear that this is a truly hard-encrypted message.
Now don't get hung up on the details of what I'm saying here...I don't know
if this particular example is possible or not. I'm just wondering iF it is
possible to tamper with crypto code (particularly as embedded on a chip) so
that it appears to all regular users not to have been tampered with, but
meanwhile it allows certain privileged users to access encrypted streams
AND if this is possible, is there some way to examine the encrypted output
and then, say, search for unusual frequency traces of certain sequences, and
determine tha the code has been tampered with? Or are there ways to tamper
with good cryptocode in ways that can never be detected with actually
looking at the originating code?
>From: "Tyler Durden" <camera_lumina at hotmail.com>
>To: camera_lumina at hotmail.com, cypherpunks at lne.com
>Subject: Intel Security processor + a question
>Date: Thu, 17 Oct 2002 11:49:33 -0400
>Intel is moving Security onto its Network processor chips...a quote also
>For now, Intel is tackling very high- and low-end systems. The IXP2850 is
>derived from the IXP2800, which targets 10-Gbit/s line speeds. And back in
>February, Intel released the IXP425, a network processor with encryption
>hardware included, targeting low-end boxes such as enterprise routers (see
>Intel: The Prince of Processors? ).
>For both chips, Intel developed its own hardware to handle the DES, triple
>DES, AES, and SHA-1 encryption standards. In the case of the IXP2850, Intel
>had left room in the IXP 2800 to add these hardware blocks, because
>potential customers had shown enough interest in security. We thought
>about adding crypto [to the IXP2800] as we were building it from the ground
>up, says Rajneesh Gaur, Intel senior product marketing manager.
>Got a question for the cognoscenti amongst us...
>If crypto is performed by hardware, how sure can users/designers be that it
>is truly secure (since one can't examine the code)? Is there any way to
>determine whether standard forms of encryption have been monkeyed with in
>some way (ie, to make those with certain backdoor keys have access at will,
>and yet still conform to he standard as far users can see)?
>And, are hardware-based encryption implementations considered suspect from
>the standard by the more "careful" parts of the crypto community?
>Get faster connections -- switch to MSN Internet Access!
Unlimited Internet access for only $21.95/month. Try MSN!
More information about the cypherpunks-legacy