From: Adam Shostack <adam@lighthouse.homeport.org>
To: jimbell@pacifier.com (jim bell)
Message Hash: 2017458a210aa84e138e96a9ea98b9d0e996a15fc9226442a612367a007fecf6
Message ID: <199602241929.OAA19522@homeport.org>
Reply To: <m0tqMqf-00091UC@pacifier.com>
UTC Datetime: 1996-02-24 19:48:04 UTC
Raw Date: Sun, 25 Feb 1996 03:48:04 +0800
From: Adam Shostack <adam@lighthouse.homeport.org>
Date: Sun, 25 Feb 1996 03:48:04 +0800
To: jimbell@pacifier.com (jim bell)
Subject: Re: TIS--Building in Big Brother for a Better Tommorrow
In-Reply-To: <m0tqMqf-00091UC@pacifier.com>
Message-ID: <199602241929.OAA19522@homeport.org>
MIME-Version: 1.0
Content-Type: text
Faking crypto chips for public algorithims is theoretically
more difficult, because its simple to create a DES_verify routine to make
sure your DES chip is working right. Its more difficult to
near-impossible if the chip picks the key, as it must to avoid easy
rouge implementations.
If the rouge implementation can choose a key, then it can
pre-calculate the appropriate checksum, and then simply tell the other
unit "We're going to use this key." Thus, keys need to be chosen by
the chip, making it tough to see if the chip is functioning properly.
I suspect the NSA knew this.
For more on rouges, see Matt Blaze's paper, on
ftp.research.att.com/dist/mab/keyescrow or somesuch.
jim bell wrote:
| I noted long ago that one disadvantage with having a single, standardized
| encryption chip (like Clipper, even with the key-escrow un-enabled) is that
| the NSA has plenty of money in its budget to build a fake chip that can be
| installed during a black-bag job. True, if they could fake one chip they
| could fake 10, but it's harder to do and the demand for any single kind of
| chip might drop to one per year. Unfortunately, a sufficiently-complex
| FPLD would probably sub for anything if it were in the right package...
|
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
Return to February 1996
Return to “jim bell <jimbell@pacifier.com>”