[3455] in cryptography@c2.net mail archive
Re: IP: State Govt Will Use Datakey Smart Cards
daemon@ATHENA.MIT.EDU (P. J. Ponder)
Tue Oct 13 17:01:54 1998
Date: Tue, 13 Oct 1998 09:22:03 -0400 (EDT)
From: "P. J. Ponder" <ponder@freenet.tlh.fl.us>
To: Enzo Michelangeli <em@who.net>
cc: cryptography@c2.net
In-Reply-To: <005e01bdf639$e42f0f20$88004bca@home>
On Tue, 13 Oct 1998, Enzo Michelangeli wrote:
<. . . .>
> That said, it may still be possible to get the best of both worlds - open
> design of tamper-proof devices. For example, I'd like to see a loadable
> smartcard with a well-documented design, sporting a few built-in devices
> such as a modular multiplier and a hardware-based RNG. Then, the firmware
> comprising the crypto algorithms could be separately developed and subjected
> to public review; this would also ease export-control problems, as RNG's and
> multipliers are not, per se, cryptographic equipment.
>
> Enzo
In addition to firmware being subject to open review, one could check a
hash of the executable against a known and published value, thereby giving
users a greater level of assurance than they might have otherwise,
especially if they themselves weren't comfortable doing the code review.
I like to think that the hash checking could be incorporated in the device
itself, although that would mean that when the next version was released,
you'd have to throw away the old physical device (PCMCIA, smartcard,
whatever).
--
pj
