From: karn@qualcomm.com (Phil Karn)
Date: Wed, 25 Nov 92 16:47:49 PST
To: hughes@soda.berkeley.edu
Subject: Re:  RS232 Crypto Dongle (idea for widely accessible crypto technology)
Message-ID: <9211260047.AA01958@servo>
MIME-Version: 1.0
Content-Type: text/plain


>Much better for this application is the PCMCIA standard, which has
>plenty of room for circuitry.

I had this in mind too. But there's a problem -- if we have to depend
on commercial manufacturers to build these things, how will we know if
we can really trust them? I'm not impugning the manufacturers
themselves, as it's entirely possible that the FBI and/or NSA wouldn't
even let them build and sell a device like this if it's "too" secure.

That's the paradox of freely-available crypto software like PGP.  The
software, including source, is open for inspection by all. But because
it runs on general purpose computer hardware, it's vulnerable to all
of the usual computer security attacks (viruses, modifications to
secretly record or transmit keys, keystroke monitors, etc). Going to
small, dedicated pieces of hardware removes these vulnerabilities, but
then we're right back where we started -- with an opaque piece of
commercial hardware whose secure operation we can't verify.

Unless, of course, we can get the technology to build PCMCIA cards
ourselves out of readily available parts...

Phil