-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 12/05/2013 08:08 PM, Peter Lebbing wrote: > On 05/12/13 13:20, Paul R. Ramer wrote: >> On that note, why assume that the manufacturer would not do the >> opposite: feign helping the spy agency by giving them a >> compromised ROM and then substituting a secure one on the real >> product. In either case, we are assuming the company would try to >> supply different bodies with different ROMs. > > We're debating the risk that a card is backdoored. If there is such > a risk, that risk still exists if we allow for the possibility that > manufacturers try to do what you say. They're not mutually > exclusive; how come you infer that I assume that the manufacturer > would not do the opposite? >
The smartcard having a bad RNG as seen in [0] springs to mind. References: [0] http://sites.miis.edu/cysec/2013/10/10/taiwans-citizen-smart-card-plan-compromised-by-bad-rngs/ - -- - ---------------------------- Kristian Fiskerstrand Blog: http://blog.sumptuouscapital.com Twitter: @krifisk - ---------------------------- Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 - ---------------------------- "Great things are not accomplished by those who yield to trends and fads and popular opinion." (Jack Kerouac) -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJSoNKKAAoJEAt/i2Dj7frjgacQAKftpqC3shsP1p4oF1Ksdd25 bjS1lX/SsGUKe5ynKr6elY7NxAea6L7QH5yP9uinBYDGpZnUV9JcNAyYtwUwYlDS MwPoYXcOdoYVe/cSIJflARDBzDDdaLw/51O/4ZReeYUjOQlz5Lr+JqO0O/02FcwJ E3jKHkQo44CbpYEqF3LAIl7qua2eMwNV99hxvuUQxrj3k3FJAZaPrAP9duJkA9BA Ssvq4iBWVgikPw8jrefBrzhIpSTjSYSslXEJzgBnYsQ6zbPtWnX/15cVz8n4GWiI o06A7Obx1siIzOL/S+nJK1jv8as3JU/Q5Xh5OfvmiXhjljhjQr0lKo4DMEaQ4z6B IPJODsL8Pe6u44kC+qyZ0JABFxUlDPh4RD8xpFeJBizZPajoYfJWBEyNuW0swB5J L2WZqRITYiz/epQROp6SLPY06O2ym78twwjM/ldtH1dgVqygze15aNB0onHeSZd7 8LDvm4Dnn4F259nuPyJ0ejjtvupOu/DkHE8UShynEELuFIrxenEEULplISRJ8To9 d+bwEaX0nfPMSbj6j8cBsMa1YyxI2NHqmgPweqc9UB+FUi6Mc6/W9HfRH5XgAW+J sSZDWJvOBLWMAf6qOnCIK6WmhhlPY0YYiFQByiBF3idmVIj4iAokbr7kHvPepIMj 6tzH0YpBaNF9wSLh7tMh =fTni -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users