[2791] in cryptography@c2.net mail archive
Re: DRUDGE-REPORT-EXCLUSIVE 5/20/98 (fwd)
daemon@ATHENA.MIT.EDU (Bill Stewart)
Tue Jun 2 19:45:37 1998
Date: Mon, 01 Jun 1998 01:20:14 -0700
To: Black Unicorn <unicorn@schloss.li>,
"Arnold G. Reinhold" <reinhold@world.std.com>,
William Knowles <erehwon@dis.org>, cryptography@c2.net
From: Bill Stewart <bill.stewart@pobox.com>
In-Reply-To: <199805272058.NAA02999@blacklodge.c2.net>
>>I wonder what is the point of using hardware encryption in a satellite at
>>all. A satellite's onboard computer could decrypt and authenticate messages
>>as part of its own software using published algorithms. With public key
...
>Sure they do. The satellite has to sit on the ground in China a good long
>time before it goes up. Using non-hardware/tamper resistant based
>encryption is a rather silly thing to do.
Tamper-resistance is nice, but public-key technology means you don't
_care_ if the Other Guys read your ROMs, because there's nothing secret needed.
(Another example of export laws shooting themselves in the foot...)
You do still want to prevent them from changing your code,
introducing a second session key, filing notches in the fuel lines, etc.,
but public key means military secrets aren't at risk.....
unless, of course, the satellite has Extra Features built in.
The catch with public-key is slowness, but you could bootstrap the system
using one public key exchange to send a session key, which is used for
encrypting future session keys.
[rad-hardness...]
>> I am surprised that there aren't any radiation reliable ROMs built using
>> error correcting codes, but if one cannot rely on ROM to hold a loader big
>> enough to check a public key signature, then I have to concede. Hardware
>> encryption would be the only way to go. Thanks for the explanation.
>
>There are many ROM structures that are totally immune to cosmic rays. The
>most common is mask-programmed ROM, also called wire ROM. But none of the
>after-fab programmable ROMs are immune to cosmic rays. Some are hardened,
>but none immune.
Putting standard computing equipment in a lead box is probably more
cost-effective and performance/weight effective than special hardware.
Thanks!
Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
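Added illustration (not code from this message, the list, or any real flight system) of the bootstrap Bill sketches: the satellite's ROM holds only the ground station's public Diffie-Hellman value, so copying the ROM reveals nothing secret; one public-key exchange produces a key-encryption key, and each later session key is uplinked wrapped under it. The group, the key-wrap construction and the counter scheme are all constructed for the example; the stdlib-only HMAC keystream stands in for the AEAD or RFC 3394 key wrap a deployed system would use.

```python
"""Satellite command-link bootstrap with no secret in the bird's ROM.

Constructed, stand-alone illustration.  The ROM carries only the ground
station's public DH value; one exchange yields a key-encryption key (KEK);
every later session key travels wrapped under that KEK.
"""
import hashlib
import hmac
import secrets

# Constructed toy group (Mersenne prime 2^127-1, generator 3).  Far too small
# for real use; a flight system would use an RFC 3526 group or an elliptic
# curve.  The exchange itself is ordinary static-ephemeral Diffie-Hellman.
P = 2**127 - 1
G = 3
KEY_LEN = 32   # session keys and HMAC-SHA256 outputs are 32 bytes
TAG_LEN = 32


def derive_kek(shared_secret: int) -> bytes:
    """DH shared secret (< 2^127) -> 32-byte key-encryption key (simplified HKDF)."""
    return hmac.new(shared_secret.to_bytes(16, "big"), b"satellite-kek", hashlib.sha256).digest()


def wrap_session_key(kek: bytes, counter: int, session_key: bytes) -> bytes:
    """Encrypt-then-MAC a fresh session key; the counter is bound into both
    the keystream and the tag so a wrapped key cannot be replayed or reordered."""
    ctr = counter.to_bytes(4, "big")
    stream = hmac.new(kek, b"enc" + ctr, hashlib.sha256).digest()[:KEY_LEN]
    ciphertext = bytes(a ^ b for a, b in zip(session_key, stream))
    tag = hmac.new(kek, b"mac" + ctr + ciphertext, hashlib.sha256).digest()
    return ctr + ciphertext + tag


def unwrap_session_key(kek: bytes, expected_counter: int, blob: bytes) -> bytes:
    """Reverse wrap_session_key; ValueError on replay, reorder or tampering."""
    ctr, ciphertext, tag = blob[:4], blob[4:-TAG_LEN], blob[-TAG_LEN:]
    if int.from_bytes(ctr, "big") != expected_counter:
        raise ValueError("rekey counter mismatch: replay or out-of-order message")
    expected = hmac.new(kek, b"mac" + ctr + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):       # constant-time compare
        raise ValueError("bad tag: not from the KEK holder, or modified")
    stream = hmac.new(kek, b"enc" + ctr, hashlib.sha256).digest()[:KEY_LEN]
    return bytes(a ^ b for a, b in zip(ciphertext, stream))


class GroundStation:
    """Holds the only long-term secret: the static DH private value x."""

    def __init__(self):
        self.x = secrets.randbelow(P - 2) + 1
        self.public = pow(G, self.x, P)   # this, and nothing else, goes into the satellite's ROM
        self.kek = None
        self.rekey_counter = 0

    def accept_exchange(self, satellite_public: int):
        self.kek = derive_kek(pow(satellite_public, self.x, P))

    def issue_session_key(self):
        """Return (fresh session key, wrapped form to uplink)."""
        key = secrets.token_bytes(KEY_LEN)
        blob = wrap_session_key(self.kek, self.rekey_counter, key)
        self.rekey_counter += 1
        return key, blob


class Satellite:
    """On-board state: ROM contents are public; the ephemeral y lives only in RAM."""

    def __init__(self, ground_public_from_rom: int):
        self.ground_public = ground_public_from_rom
        self.kek = None
        self.rekey_counter = 0
        self.session_key = None

    def begin_exchange(self) -> int:
        """Pick ephemeral y, derive the KEK from (g^x)^y, return g^y for downlink."""
        y = secrets.randbelow(P - 2) + 1
        self.kek = derive_kek(pow(self.ground_public, y, P))
        return pow(G, y, P)

    def install_session_key(self, blob: bytes) -> bytes:
        key = unwrap_session_key(self.kek, self.rekey_counter, blob)
        self.rekey_counter += 1
        self.session_key = key
        return key


def unwrap_fails(kek: bytes, counter: int, blob: bytes) -> bool:
    """True when unwrap rejects the blob (shows the checks biting)."""
    try:
        unwrap_session_key(kek, counter, blob)
    except ValueError:
        return True
    return False


def run_bootstrap() -> dict:
    """One exchange, two rekeys, and the replay / tamper / impostor cases."""
    ground = GroundStation()
    sat = Satellite(ground.public)                 # "burned into ROM" before launch
    ground.accept_exchange(sat.begin_exchange())   # the one public-key exchange
    key1, blob1 = ground.issue_session_key()
    key2, blob2 = ground.issue_session_key()
    got1 = sat.install_session_key(blob1)
    got2 = sat.install_session_key(blob2)
    # Someone who copied the ROM knows g^x but not x: their KEK guess is wrong,
    # so the tag on anything they wrap fails and no session key is installed.
    impostor_kek = derive_kek(pow(ground.public, secrets.randbelow(P - 2) + 1, P))
    forged = wrap_session_key(impostor_kek, sat.rekey_counter, bytes(KEY_LEN))
    tampered = blob2[:-1] + bytes([blob2[-1] ^ 1])
    return {
        "kek_agreed": sat.kek == ground.kek,
        "first_rekey_ok": got1 == key1,
        "second_rekey_ok": got2 == key2,
        "replay_rejected": unwrap_fails(sat.kek, sat.rekey_counter, blob2),
        "tamper_rejected": unwrap_fails(sat.kek, 1, tampered),
        "impostor_rejected": unwrap_fails(sat.kek, sat.rekey_counter, forged),
    }


if __name__ == "__main__":
    print(run_bootstrap())
```

The exchange authenticates the ground station to the satellite only (the satellite has no secret to prove itself with, which is the whole point), and the rekey counter makes each wrapped key usable exactly once, in order. What it does not cover is the other half of Bill's concern, keeping the Other Guys from changing the code: that needs a signature-checking loader with the verification key in ROM, which is again public material, not a secret.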