[146855] in cryptography@c2.net mail archive


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: [Cryptography] Techniques for malevolent crypto hardware

daemon@ATHENA.MIT.EDU (John Kelsey)
Sun Sep 8 16:33:33 2013

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <20130908152232.38716273@jabberwock.cb.piermont.com>
From: John Kelsey <crypto.jmk@gmail.com>
Date: Sun, 8 Sep 2013 16:21:55 -0400
To: "Perry E. Metzger" <perry@piermont.com>
Cc: Thor Lancelot Simon <tls@panix.com>,
	"cryptography@metzdowd.com" <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

In principle, the malevolent crypto accellerator could flip into weak mode (however that happens) only upon receiving a message for decryption with some specific value or property.  That would defeat any testing other than constant observation.  This is more or less the attack that keeps parallel testing of electronic voting machines from being a good answer to the security concerns about them.

--John
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[146855] in cryptography@c2.net mail archive

Re: [Cryptography] Techniques for malevolent crypto hardware

daemon@ATHENA.MIT.EDU (John Kelsey)Sun Sep 8 16:33:33 2013

daemon@ATHENA.MIT.EDU (John Kelsey)
Sun Sep 8 16:33:33 2013