From: Adam Shostack <adam@bwh.harvard.edu>
Date: Sun, 19 Jun 94 07:51:14 PDT
To: pfarrell@netcom.com
Subject: Re: Hardware generators was: your mail
In-Reply-To: <36414.pfarrell@netcom.com>
Message-ID: <199406191450.KAA29861@duke.bwh.harvard.edu>
MIME-Version: 1.0
Content-Type: text/plain


You wrote:

| My thinking was that about 90% of all computers sold are Intel PCs, and
| to get my manufacturing costs down, I need volume and simplicity.
| So by addressing the 90% solution first, I have a larger market without
| the complexity of multiple platforms.
| 
| Once I've sold thousands of Hardware random number generators, then I can
| afford the design effort for other platforms, if they still exist then :-)

	Understood, but its not a matter of addressing 90% or the
other 10%, its a matter of "Is the security gain in building a card
that only hands out each number once worth cutting out 10% of the
market?"  I think that if you are worried about rouge code on your
machine, you aren't going to run on  a computer that can't protect its
memory from random browsing.  (I can still access all of a PC's memory
from normal code, can't I?)  Thus, building a PC card doesn't really
afford you a gain in security if I can use my hostile code to read
PGP's memory locations.  If you agree with that, then there is no good
reason not to build a serial port dongle, and include me in your
potential customers. :)

Adam


-- 
Adam Shostack 				       adam@bwh.harvard.edu

Politics.  From the greek "poly," meaning many, and ticks, a small,
annoying bloodsucker.