On Thu, 17 Oct 2002, Tyler Durden wrote: > If crypto is performed by hardware, how sure can users/designers be that it > is truly secure (since one can't examine the code)?
Deterministic algorithms with known internal state and fed with same test vectors generate exactly the same output as their software pendants. This is easy enough to test. However, save of etching away the packaging, and tracing the circuitry it's impossible to prove the absence of easter eggs, which, say, make you spill the key if exposed to a magic frame.