On Fri, Jul 28, 2006 at 03:52:55PM -0600, Anne & Lynn Wheeler wrote:
> Thor Lancelot Simon wrote:
> >I don't get it. How is there "no increase in vulnerability and threat"
> >if a manufacturer of counterfeit / copy chips can simply read the already
> >generated private key out of a legitimate chip (because it's not protected
> >by a tamperproof module, and the "significant post-fab security handling"
> >has been eliminated) and make as many chips with that private key as he
> >may care to?
> >
> >Why should I believe it's any harder to steal the private key than to
> >steal a "static serial number"?
>
> so for more drift ... given another example of issues with static
> data authentication operations is that static serial numbers are
> normally considered particularly secret ... and partially as a result
> ... they tend to have a fairly regular pattern ... frequently even
> sequential. there is high probability that having captured a single
> static serial number ... you could possibly correctly guess another
> million or so static serial numbers w/o a lot of additional effort. This
> enables the possibly trivial initial effort to capture the first serial
> number to be further amortized over an additional million static serial
> numbers ... in effect, in the same effort it has taken to steal a single
> static serial number ... a million static serial numbers have
> effectively been stolen.

The simple, cost-effective solution, then, would seem to be to generate "static serial numbers" like cipher keys -- with sufficient randomness and length that their sequence cannot be predicted. I still do not see the advantage (except to Certicom, who would doubtless like to charge a bunch of money for their "20-40k gate crypto code") of using asymmetric cryptography in this application.

---------------------------------------------------------------------
The Cryptography Mailing List
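
An added illustration of the serial-number point argued in this message (not code from the thread or from either poster): it issues serials sequentially and from a CSPRNG, then counts how many valid serials fall within a guessing window around one captured value. The batch size, starting value, 128-bit length and window are assumptions chosen for the example.

```python
import secrets

HEX_WIDTH = 32  # 128-bit serials, written as 32 hex digits (assumed length)


def issue_sequential(count, start=1_000_000):
    """Serials handed out as consecutive integers (the pattern in the quoted text)."""
    return {f"{n:0{HEX_WIDTH}x}" for n in range(start, start + count)}


def issue_random(count, nbytes=16):
    """Serials drawn from the OS CSPRNG, generated the way a cipher key would be."""
    issued = set()
    while len(issued) < count:
        issued.add(secrets.token_hex(nbytes))
    return issued


def neighbour_hits(captured, issued, window):
    """Count issued serials within +/- window of one captured serial."""
    base = int(captured, 16)
    hits = 0
    for delta in range(1, window + 1):
        for guess in (base + delta, base - delta):
            if guess >= 0 and f"{guess:0{HEX_WIDTH}x}" in issued:
                hits += 1
    return hits


def compare(count=10_000, window=1_000, start=1_000_000):
    """Return (hits against sequential issue, hits against random issue)."""
    sequential = issue_sequential(count, start)
    random_serials = issue_random(count)
    # Constructed capture: one serial from the middle of the sequential batch,
    # and an arbitrary serial from the random batch.
    seq_captured = f"{start + count // 2:0{HEX_WIDTH}x}"
    rnd_captured = next(iter(random_serials))
    return (
        neighbour_hits(seq_captured, sequential, window),
        neighbour_hits(rnd_captured, random_serials, window),
    )


if __name__ == "__main__":
    seq_hits, rnd_hits = compare()
    print(f"sequential: {seq_hits} valid neighbours, random: {rnd_hits}")
```

Random issuance removes the amortization across neighbouring serials; it does not change the fact that a captured static value can itself be replayed.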