Crypto to defend chip IP: snake oil or good idea?

Thread: Crypto to defend chip IP: snake oil or good idea?

Search this list only Search all lists
Crypto to defend chip IP: snake oil or good idea?
	2006-07-29 00:46:54
Thor Lancelot Simon wrote: > The simple, cost-effective solution, then, would seem to be to generate > "static serial numbers" like cipher keys -- with sufficient randomness > and length that their sequence cannot be predicted. I still do not see > the advantage (except to Certicom, who would doubtless like to charge a > bunch of money for their "20-40k gate crypto code") of using asymmetric > cryptography in this application. which effectively gets you the same as the secure hash scenario for the static account number scenario ... example immediately following the million static serial numbers in the same post: http://www. garlic.com/~lynn/aadsm25.htm#4 which is countermeasure to attackers taking advantage of regular pattern. however, if the static serial number is ever used for any purpose ... it then has to be exposed ... since it is static ... it then is subject to skimming, evesdropping, etc ... and then used in replay attacks, i.e. previous post http://www. garlic.com/~lynn/aadsm25.htm#4 the only equivalent of static serial number to private key is if it is never exposed ... which effectively implies that it is never used, i.e. previous post http://www. garlic.com/~lynn/aadsm25.htm#4 for years the standard security response has been that the best security is to lock it away and never use it and/or provide access. if it is ever used for any purpose ... then it can be exposed all over the place ... in manner similar to static account numbers (even with the static secure hash) described in the same posting as the million account number scenario, i.e. previous post http://www. garlic.com/~lynn/aadsm25.htm#4 so is the issue really with asymmetric key cryptography technology done in custom circuit design ... or is the issue with certicom?? btw, the 40k circuit core design that i referred to done in late 99 and early 2000 had no certicom content ... even the ecc was done w/o any certicom content. ------------------------------------------------------------ --------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomometzdowd.com

[1]

about | contact Other archives ( Real Estate discussion Medical topics )