From: Eric Hughes <hughes@soda.berkeley.edu>
To: cypherpunks@toad.com
Message Hash: 69d9d207bc507898f5e9192e0382f99006c40a36eb1a3bb67d69767b78d4c8db
Message ID: <9211260030.AA17523@soda.berkeley.edu>
Reply To: <9211252337.AA01494@servo>
UTC Datetime: 1992-11-26 00:30:25 UTC
Raw Date: Wed, 25 Nov 92 16:30:25 PST
From: Eric Hughes <hughes@soda.berkeley.edu>
Date: Wed, 25 Nov 92 16:30:25 PST
To: cypherpunks@toad.com
Subject: RS232 Crypto Dongle (idea for widely accessible crypto technology)
In-Reply-To: <9211252337.AA01494@servo>
Message-ID: <9211260030.AA17523@soda.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain
Phil K. writes:
>My thinking is to limit the external "dongle" to the one function that
>is truly sensitive and worthy of special protection: RSA secret key
>operations.
Phil's comment are right on. There is a need for you secret keys
to be easily and physically relocatable.
Re: key compromise
>I see this as THE major obstacle to our goal of routinely
>encrypting all communications, sensitive or otherwise, as a way of
>"desensitizing" the world to the use of cryptography.
It is my own opinion that there will be a market for personal
protection devices only when data is worth money. Data will be worth
money when some data _is_ money.
>only one primary function -- the execution of an RSA secret key
>operation. [...]
>it might have a "zeroize" function to destroy it.
I refer to this as WEEM: Write, Erase, Encrypt Memory
>Everything else (data compression and armoring, public key operations,
>symmetric cryptography, etc) can and should go in the PC where cycles
>and memory space are much more plentiful.
Depending on the silicon size and production volume, you could
probably use this device for all modular exponentiation operations.
Or a cheap version could use a DSP module from a cell library and do
all the arithmetic more slowly.
>If the dongle has a built-in keypad, then it could store your RSA
>secret key encrypted with a PIN that you'd have to enter to enable the
>device.
Not only a keypad, but a full 4-function calculator with an LCD
display as well! :-)
>I believe that "smart cards" are already available on the market that
>do these or similar functions, although they are much more widespread
>in Europe than in the US.
Smart cards have the disadvantage that their die size is pretty
severely limited. They have to fit within the thickness of a credit
card and withstand repeated flexure.
Much better for this application is the PCMCIA standard, which has
plenty of room for circuitry.
Eric
Return to November 1992
Return to “karn@qualcomm.com (Phil Karn)”