[146855] in cryptography@c2.net mail archive
Re: [Cryptography] Techniques for malevolent crypto hardware
daemon@ATHENA.MIT.EDU (John Kelsey)
Sun Sep 8 16:33:33 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <20130908152232.38716273@jabberwock.cb.piermont.com>
From: John Kelsey <crypto.jmk@gmail.com>
Date: Sun, 8 Sep 2013 16:21:55 -0400
To: "Perry E. Metzger" <perry@piermont.com>
Cc: Thor Lancelot Simon <tls@panix.com>,
"cryptography@metzdowd.com" <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
In principle, the malevolent crypto accelerator could flip into weak mode (however that happens) only upon receiving a message for decryption with some specific value or property. That would defeat any testing other than constant observation. This is more or less the attack that keeps parallel testing of electronic voting machines from being a good answer to the security concerns about them.
--John
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography