1992-11-25 - Re: RS232 Crypto Dongle (idea for widely accessible crypto technology)

Header Data

From: karn@qualcomm.com (Phil Karn)
To: yanek@novavax.nova.edu
Message Hash: 6bb8b885d26c30cdb5edf3337746b13505a3e309de53b7f49714a8d1102ca283
Message ID: <9211252337.AA01494@servo>
Reply To: N/A
UTC Datetime: 1992-11-25 23:38:09 UTC
Raw Date: Wed, 25 Nov 92 15:38:09 PST

Raw message

From: karn@qualcomm.com (Phil Karn)
Date: Wed, 25 Nov 92 15:38:09 PST
To: yanek@novavax.nova.edu
Subject: Re:  RS232 Crypto Dongle (idea for widely accessible crypto technology)
Message-ID: <9211252337.AA01494@servo>
MIME-Version: 1.0
Content-Type: text/plain


I've also been thinking about the risks of running crypto software on
hackable PCs and ways of protecting against this with external special
purpose devices.

My thinking is to limit the external "dongle" to the one function that
is truly sensitive and worthy of special protection: RSA secret key
operations.

It seems to me that whenever you use a PC to encrypt or decrypt
something, you have to accept the risk that it might have been hacked,
and whatever you do on it might be secretly recorded.

But when I now run PGP (or any similar package) on a machine, I must
risk much more than this every single time I type in my pass phrase,
namely *everything* that ever was or will ever be encrypted with this
same RSA key pair. This may well be an unacceptable risk, especially
if I'm temporarily borrowing somebody else's machine or using one in a
public area. I see this as THE major obstacle to our goal of routinely
encrypting all communications, sensitive or otherwise, as a way of
"desensitizing" the world to the use of cryptography.

The way around this risk is to move the RSA secret key storage and
processing operations to some external dongle. The device would have
only one primary function -- the execution of an RSA secret key
operation. It would not allow the secret key to be read out of the
device, although it might have a "zeroize" function to destroy it. (It
might also include a good random number generator for the convenience
of the host computer.)

Everything else (data compression and armoring, public key operations,
symmetric cryptography, etc) can and should go in the PC where cycles
and memory space are much more plentiful.

If the dongle has a built-in keypad, then it could store your RSA
secret key encrypted with a PIN that you'd have to enter to enable the
device. This would protect you if the device were stolen. Of course,
the best protection is to make the device so small that you can
conveniently keep it with you at all times instead of having to store
it someplace.

I believe that "smart cards" are already available on the market that
do these or similar functions, although they are much more widespread
in Europe than in the US.

Comments?

Phil





Thread