Thor Lancelot Simon wrote:
> So, you sign the public key the chip generated, and inject the _signed_
> key back into the chip, then package and ship it. This is how the SDK
> for IBM's crypto processors determines that it is talking to the genuine
> IBM product. It is a good idea, and it also leaves the chip set up for
> you with a preloaded master secret (its private key) for encrypting other
> keys for reuse in insecure environments, which is really handy.
>
> But do we really think that general-purpose CPUs or DSPs are going to
> be packaged in the kind of enclosure IBM uses to protect the private keys
> inside its cryptographic modules?

so one analogy to explore is somebody claims pin/passwords
authentication infrastructures have the exact same vulnerabilities (no
more and no less) as private key digital signature authentication. that
eavesdropping attacks on digital signatures represent the exact same
vulnerability as eavesdropping on pin/passwords.

to further explore this analogy ... the registration of a public key as
part of digital signature infrastructure represents the same exact
vulnerability as pin/password registration .... i.e. that anybody having
access to the public key registration file can take the public key and
perform a fraudulent authentication ... because just like in
pin/password authentication paradigm ... the public key is used for both
originating the authentication as well as verifying the authentication.

for some additional assertions in this analogy ... that would imply that
an attacker only needs to learn the public key in order to perform a
successful attack and doesn't actually require access to the private key
at all (assuming an assertion that a serialno/pin/password
authentication paradigm has the same exact vulnerabilities and threats
as public/private key digital signature authentication paradigm).
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo metzdowd.com
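
The analogy in the message above can be checked mechanically. The following is an added example, not part of the original post: it registers one account under both paradigms and records which login attempts a verifier accepts when the other party holds only the registration file or a recorded exchange. The record layout, the PIN value, the challenge strings, the use of Ed25519 and the fresh challenge per login are all assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

// Registration is one record of the verifier's registration file (constructed sample).
type Registration struct {
	PIN       string            // shared secret: the stored value is also the credential
	PublicKey ed25519.PublicKey // verifies signatures only; cannot create them
}

func VerifyPIN(reg Registration, presented string) bool {
	return subtle.ConstantTimeCompare([]byte(reg.PIN), []byte(presented)) == 1
}

func VerifySig(reg Registration, challenge, sig []byte) bool {
	return ed25519.Verify(reg.PublicKey, challenge, sig)
}

func mustKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Outcome records which authentication attempts the verifier accepts.
type Outcome struct{ Genuine, PINFromFile, PINReplayed, SigFromFile, SigReplayed bool }

func Compare() Outcome {
	pub, priv := mustKey()
	_, otherPriv := mustKey() // key of a party who holds only the registration file
	reg := Registration{PIN: "4921", PublicKey: pub}
	c1, c2 := []byte("login-1 nonce 7f3a"), []byte("login-2 nonce c05e") // constructed challenges
	seenSig := ed25519.Sign(priv, c1) // genuine login, observed on the wire
	return Outcome{
		Genuine:     VerifySig(reg, c1, seenSig),
		PINFromFile: VerifyPIN(reg, reg.PIN), // value read from the file logs in
		PINReplayed: VerifyPIN(reg, "4921"),  // value observed on the wire logs in
		SigFromFile: VerifySig(reg, c2, ed25519.Sign(otherPriv, c2)),
		SigReplayed: VerifySig(reg, c2, seenSig), // old signature, new challenge
	}
}

func main() { fmt.Printf("%+v\n", Compare()) }
```

The two PIN attempts are accepted and the two signature attempts are rejected, so the registered public key and a recorded signature do not serve as credentials the way a registered or overheard PIN does.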