Thor Lancelot Simon wrote:
So, you sign the public key the chip generated, and inject the _signed_
key back into the chip, then package and ship it. This is how the SDK
for IBM's crypto processors determines that it is talking to the genuine
IBM product. It is a good idea, and it also leaves the chip set up for
you with a preloaded master secret (its private key) for encrypting other
keys for reuse in insecure environments, which is really handy.
But do we really think that general-purpose CPUs or DSPs are going to
be packaged in the kind of enclosure IBM uses to protect the private keys
inside its cryptographic modules?
so one analogy to explore is that somebody claims pin/password
authentication infrastructures have the exact same vulnerabilities (no
more and no less) as private key digital signature authentication. that
eavesdropping attacks on digital signatures represent the exact same
vulnerability as eavesdropping on pin/passwords.
to further explore this analogy ... the registration of a public key as
part of digital signature infrastructure represents the same exact
vulnerability as pin/password registration .... i.e. that anybody having
access to the public key registration file can take the public key and
perform a fraudulent authentication ... because just like in
pin/password authentication paradigm ... the public key is used for both
originating the authentication as well as verifying the authentication.
for some additional assertions in this analogy ... that would imply that
an attacker only needs to learn the public key in order to perform a
successful attack and doesn't actually require access to the private key
at all (assuming an assertion that a serialno/pin/password
authentication paradigm has the same exact vulnerabilities and threats
as public/private key digital signature authentication paradigm).
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
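The distinction the analogy above turns on, as an added example that is not part of the posting or of the list's own code: in a shared-secret (pin/password) challenge-response scheme the registration file holds the very value that originates an authentication, while in a signature scheme it holds only the verifying half. The RSA parameters (fixed Mersenne primes, no padding), the user name, the pin and the challenge are assumptions chosen so the toy runs offline; none of them come from the thread, and the RSA is not a secure signature scheme.

```python
"""Added illustration (not part of the original posting): what the verifier's
registration file gives an attacker under a shared-secret (pin/password)
challenge-response scheme versus a public-key signature scheme.

The RSA below is textbook, unpadded, with fixed Mersenne-prime factors; those
are assumed toy parameters so the example runs offline, not a secure scheme.
"""
import hashlib
import hmac

# ---- shared-secret paradigm: the registered value is the secret itself ------

def register_pin(regfile: dict, user: str, pin: bytes) -> None:
    """The verifier keeps the same value the user will authenticate with."""
    regfile[user] = pin

def pin_response(pin: bytes, challenge: bytes) -> bytes:
    """Prover answers a challenge with a keyed MAC under the shared pin."""
    return hmac.new(pin, challenge, hashlib.sha256).digest()

def pin_verify(regfile: dict, user: str, challenge: bytes, response: bytes) -> bool:
    """Verifier recomputes the same MAC: originating and verifying use one key."""
    expected = pin_response(regfile[user], challenge)
    return hmac.compare_digest(expected, response)

# ---- public-key paradigm: the registered value is only the public half -------

P = 2**127 - 1   # Mersenne primes; assumed toy parameters, far too small for real use
Q = 2**89 - 1
N = P * Q
E = 65537        # coprime with (P-1)(Q-1)
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+ modular inverse)

def register_pubkey(regfile: dict, user: str, n: int, e: int) -> None:
    """The verifier stores (n, e); the private exponent never leaves the user."""
    regfile[user] = (n, e)

def digest_int(message: bytes, n: int) -> int:
    """Hash the message and reduce it into the RSA group (toy, no padding)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(d: int, n: int, message: bytes) -> int:
    """Originate an authentication: needs the private exponent d."""
    return pow(digest_int(message, n), d, n)

def sig_verify(regfile: dict, user: str, message: bytes, signature: int) -> bool:
    """Verify with the registered (n, e) only."""
    n, e = regfile[user]
    return pow(signature, e, n) == digest_int(message, n)

# ---- what a stolen registration file buys in each paradigm ------------------

def registration_file_attack(challenge: bytes = b"constructed challenge 0001") -> dict:
    """Run both schemes for the legitimate user and for an attacker who has
    read the registration file but holds no user secret.  Returns which
    attempts the verifier accepts.  The user, pin and challenge are constructed."""
    pin_file: dict = {}
    pk_file: dict = {}
    register_pin(pin_file, "alice", b"1234")
    register_pubkey(pk_file, "alice", N, E)

    # Legitimate user: holds the pin / the private exponent.
    legit_pin = pin_verify(pin_file, "alice", challenge,
                           pin_response(b"1234", challenge))
    legit_sig = sig_verify(pk_file, "alice", challenge, sign(D, N, challenge))

    # Attacker with the pin registration file: the stored value IS the
    # originating secret, so the forged response is indistinguishable.
    stolen_pin = pin_file["alice"]
    attacker_pin = pin_verify(pin_file, "alice", challenge,
                              pin_response(stolen_pin, challenge))

    # Attacker with the public-key registration file: (n, e) can only verify.
    # Using e in place of the unknown d is the obvious misuse; the result
    # does not verify under the registered public key.
    stolen_n, stolen_e = pk_file["alice"]
    forged = pow(digest_int(challenge, stolen_n), stolen_e, stolen_n)
    attacker_sig = sig_verify(pk_file, "alice", challenge, forged)

    return {
        "legitimate_pin": legit_pin,
        "legitimate_signature": legit_sig,
        "attacker_with_pin_file": attacker_pin,
        "attacker_with_pubkey_file": attacker_sig,
    }

if __name__ == "__main__":
    for name, accepted in registration_file_attack().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The pin side is deliberately a challenge-response MAC rather than a cleartext pin, so that the only difference between the two schemes is what sits in the registration file: the MAC key is the pin itself, whereas the signature verifier holds a value that can check but not produce signatures.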