Re: Blind signatures with DSA/ECDSA?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Often people ask about blind DSA signatures. There are many known variants on DSA signatures which allow for blinding, but blinding plain DSA signatures is not discussed much. Clearly, blinding DSA signatures is possible, through general purpose two party multi-party computations, such as circuit based protocols. However these would be too inefficient. I believe that the technique of Philip MacKenzie and Michael K. Reiter, Two-Party Generation of DSA Signatures, Crypto 2001, http://www.ece.cmu.edu/~reiter/papers/, can be adapted for blind DSA signatures that would be reasonably efficient. The problem they solved was different in that both parties had a share of the private key, and there was no effort to hide the message hash being signed or the (r,s) signature values. However the same basic idea should work. The scheme uses a homomorphic encryption key held by the first party, Alice, who is the one who will receive the signature. Bob is the signer. The homomorphic encryption system allows Bob to take an encrypted value and multiply it by a constant known to him; and also to add two encrypted values together. (That is, Bob can produce an output cyphertext which holds the result. He does not learn the result.) Suggested cryptosystems with the desired properties include those from Paillier; Naccache and Stern; or Okamoto and Uchiyama. Alice starts with the message hash H, and knows the public key parameters y, g, p and q. Bob knows the private key x such that y = g^x mod p, where q is the order of g. DSA signatures are computed by choosing a random value k mod q and computing r = g^k mod p mod q; z = 1/k mod q; s = x*r*z + H*z mod q; with (r,s) being the signature. For the protocol, Alice and Bob will compute k as multiplicatively shared, with Alice knowing k1 and Bob knowing k2, where k1*k2 = k mod q. We start, then, with Bob (the signer) computing r2 = g^k2 mod p and sending that to Alice. Alice computes r = r2^k1 mod p mod q = g^(k2*k1) mod p mod q = g^k mod p mod q. Alice and Bob also compute z1 = 1/k1 mod q and z2 = 1/k2 mod q respectively; then z = 1/k mod q = z1*z2 mod q. Alice uses the homomorphic encryption and produces a = E(r*z1) and b = E(H*z1). She sends these to Bob along with some ZK proofs that the values are well formed. Bob uses the homomorphic properties to multiply the plaintext of a by x*z2 and the plaintext of b by z2 and to add them, along with a large random multiple of q, q*d, where d is random mod q^5: c = a X (x*z2) + b X z2 + E(d*q). Here X means the operation to multiply the hidden encrypted value by a scalar, and + is the operation to add two encrypted values. Bob sends c back to Alice. Alice decrypts c and takes the result mod q to recover s = r*z1*x*z2 + H*z1*z2 = x*r*z + H*z mod q, the other component of the DSS signature. She can verify that Bob behaved correctly by checking that (r,s) is a valid DSS signature on H. For a quick security analysis, Alice is clearly safe as Bob never sees anything from her but some encrypted values, and his k2 share of k is uncorrelated to k itself. In the other direction, Bob has to be concerned about revealing x. He is given two encrypted values and has to multiply one by x*z2 and the other by z2 and add them. If the encrypted plaintexts are u and v, this produces (u*x + v) * z2. This value is completely uncorrelated with x, mod q, because of the multiplication by z2 which is uniformly distributed. Then adding the large multiple of q should effectively hide the value of x. For strictly provable security it may be necessary for Alice and perhaps even Bob to provide some ZK proofs that they are behaving correctly. The system is reasonably efficient, the main issue being the need to be able to PK encrypt values as large as q^6, which for DSS would be 6*160 or 960 bits. That would require a Paillier key of about 2K bits which is very manageable. The total cost is about 9 modular exponentiations of 2K bit values to 1K bit exponents, plus whatever ZK proofs are necessary. -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.0 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQFAiKbxHIAd9K7kkjIRAmLEAKCUNcW3fsDysi9Mul9WlFzVMQivWgCgxdHt dq6rlO2tfSoufs9NrhX616Y= =gBz4 -END PGP SIGNATURE-
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tyler Durden wrote: | However, I'd bet there are short-term applications for crypto that | really matter and yet have no real relationship to $$$ (for instance, | what if there was widespread communications and crypto in Nazi | Germany...would the holocaust have happened?) | | -TD Yes. The Jews knew what was happening which is why the rich, smart, and / or politically savvy got out early in the 30's. Sure it may have saved a few more lives, but prevented it, no. Crypto won't hide your ethnicity. This is like arguing would widespread communications and crypto in the US slave south have prevented black enslavement. Sure the underground railroad would have worked better, but your still black. - -Peter -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (MingW32) iD8DBQFAiN82riJJDZPNJ28RAjbVAKDUWgWQJjH0xw3ulnez9SRfalfLaACgn1I3 jYawSZU+yp9kkXQhxy+oI+g= =3EaI -END PGP SIGNATURE-
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
I wonder how quickly one could incinerate a memory card in the field with high success rate? Destroy the data and the passphrases don't help. Well, what if there were 3 passwords: 1) One for Fake data, for amatuers (very few of the MwG will actually be smart enough to look beyond this...that's why they have guns) 2)One for real data...this is what you're hiding 3) One for plausible real data, BUT when this one's used, it also destroys the real data as it opens the plausible real data. Of course, some really really smart MwG (or the cool suits standing behind them) will be able to detect that data is being destroyed, but statistically speaking that will be much rarer. -TD From: Major Variola (ret) [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Subject: Re: [IP] One Internet provider's view of FBI's CALEA wiretap push Date: Thu, 22 Apr 2004 11:53:07 -0700 At 05:56 PM 4/22/04 +0200, Thomas Shaddack wrote: On Thu, 22 Apr 2004, Major Variola (ret) wrote: At 12:09 PM 4/22/04 +0200, Eugen Leitl wrote: Are you truly expecting a worldwide ban on encryption? How do you prove somebody is using encryption on a steganographic channel? Torture, of the sender, receiver, or their families, has worked pretty well. If you're good you don't even leave marks. However, it's not entirely reliable. At some point, the suspect tells you what you want to hear, whether or not it is the truth, just so you leave him alone. It can even happen that the suspect convinces himself that what he really did what he was supposed to do. Interrogators check out each confession. First ones won't work, bogus keys. Just noise. Second confession reveals pork recipes hidden in landscape pictures. Beneath that layer of filesystem is stego'd some porn. Beneath that, homosexual porn.But your interrogators want the address book stego'd beneath that. They know that these are stego distraction levels, uninteresting to them. You'll give it to them eventually. If you give them a believable but fake one, it will damage innocents or true members of your association. This brings another ofren underestimated problem into the area of cryptosystem design, the rubberhose resistance. My comments were written with that in mind. I'm familiar with filesystems (etc) with layers of deniable stego. I wonder how quickly one could incinerate a memory card in the field with high success rate? Destroy the data and the passphrases don't help. _ FREE pop-up blocking with the new MSN Toolbar get it now! http://toolbar.msn.com/go/onm00200415ave/direct/01/
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
On Fri, Apr 23, 2004 at 10:43:14AM -0400, Trei, Peter wrote: Step zero is to pull the power, so any shutdown code does not run. Pulling the power is the exact wrong thing to do if it's a CFS requiring a passphrase at startup. Does anyone know what the default procedure is when hardware is being seized (threat model=knuckle-dragger/gumshoe)? I presume people don't yet scan for remote machines on wireless networks, too. -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net pgp0.pgp Description: PGP signature
RE: [IP] One Internet provider's view of FBI's CALEA wiretap push
Tyler Durden wrote: I wonder how quickly one could incinerate a memory card in the field with high success rate? Destroy the data and the passphrases don't help. Well, what if there were 3 passwords: 1) One for Fake data, for amatuers (very few of the MwG will actually be smart enough to look beyond this...that's why they have guns) 2)One for real data...this is what you're hiding 3) One for plausible real data, BUT when this one's used, it also destroys the real data as it opens the plausible real data. Of course, some really really smart MwG (or the cool suits standing behind them) will be able to detect that data is being destroyed, but statistically speaking that will be much rarer. -TD Whats your threat model? If the prospective attacker has state-level resources, this will always fail. There are a number of guides online describing how attackers should deal with computer data. One of the most basic is they *never* run the attackees software on the original disk. Step one is always to make a bit-level mirror of the entire hard drive, and work with a copy of that. Step zero is to pull the power, so any shutdown code does not run. Any protective scheme which relies on the attacker inadvertantly activating software is doomed from the start. If you're dealing with a state-level attacker, any scheme involving explosives or incendiaries would get the attackee in as much or more trouble than the original data would. This is a hard problem. I suspect any solution will involve tamper-resistant hardware, which zeroizes itself if not used in the expected mode. Peter Trei
RE: [IP] One Internet provider's view of FBI's CALEA wiretap push
At 07:43 AM 4/23/2004, Trei, Peter wrote: If you're dealing with a state-level attacker, any scheme involving explosives or incendiaries would get the attackee in as much or more trouble than the original data would. This is a hard problem. I suspect any solution will involve tamper-resistant hardware, which zeroizes itself if not used in the expected mode. Right, there are at least two workable solutions- Hard drives with user alterable firmware. I surprised that none of the major drive manufacturers seems to have thought about offering a version of their controllers, for substantially more money, that offers this. A retrofit device that screws into the side of the hard drive and is set to inject a corrosive that almost instantly destroys the drive surfaces. The device can be triggered by any number of intrusion detectors or a voice-activated system keyed to the operators voice print. steve
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
From: Tyler Durden [EMAIL PROTECTED] 3) One for plausible real data, BUT when this one's used, it also destroys the real data as it opens the plausible real data. For Windows, look up Strong Disk Pro, they're quite paranoid - it can be used like this. Mark
Postfix 2.1 Released (fwd from brian-slashdotnews@hyperreal.org)
mumbleTLS/mumble - Forwarded message from [EMAIL PROTECTED] - From: [EMAIL PROTECTED] Date: 23 Apr 2004 16:26:02 - To: [EMAIL PROTECTED] Subject: Postfix 2.1 Released User-Agent: SlashdotNewsScooper/0.0.3 Link: http://slashdot.org/article.pl?sid=04/04/23/1356214 Posted by: michael, on 2004-04-23 15:14:00 Topic: software, 109 comments from the got-mail? dept. [1]MasTRE writes After an extended period of polishing and testing, [2]Postfix 2.1 is released. Some highlights: complete documentation rewrite (long overdue!), policy delegation to external code, real-time content filtering _before_ mail is accepted (a top 10 most requested feature in previous versions), major revision of the LDAP/MySQL/PGSQL code. Version 2.2 is in thw works, which promises even more features like client rate limiting and integration of the TLS and IPv6 patches into the official tree. There's never been a better time to migrate from [3]Sendmail (just _had_ to get that in there ;). [4]Click Here References 1. mailto:[EMAIL PROTECTED] 2. http://www.postfix.org/ 3. http://sendmail.org/ 4. http://ads.osdn.com/?ad_id=2589alloc_id=6221site_id=1request_id=5961291op=clickpage=%2farticle%2epl - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net pgp0.pgp Description: PGP signature
RE: [IP] One Internet provider's view of FBI's CALEA wiretap push
Right, there are at least two workable solutions- Hard drives with user alterable firmware. I surprised that none of the major drive manufacturers seems to have thought about offering a version of their controllers, for substantially more money, that offers this. A retrofit device that screws into the side of the hard drive and is set to inject a corrosive that almost instantly destroys the drive surfaces. The device can be triggered by any number of intrusion detectors or a voice-activated system keyed to the operators voice print. Maybe there is also a third solution: a FPGA sitting on the IDE bus between the disk and the controller (optionally as a PCI controller card), realtime-encrypting the data with something suitably strong, eg. AES256, with the key stored in a way that's easy to destroy it - most likely a self-contained tamper-resistant device that forgets the key under a range of conditions: if a wrong access code gets entered n times, if a door sensor detects forced entry, if a kill-switch is pressed, if a machine is moved without the correct movement-authorizing code is entered before, anything that fits the threat model. The key itself can be destroyed pyrotechically (burn, chip, burn), or just let a RAM forget it (where the RAM may be a battery-backed microcontroller system which shuffles the bits through a SRAM periodically in order to avoid problems with retention after power-off; the algorithm then can be chosen in the way that makes it more difficult to eavesdrop on the electromagnetical emissions and power consumption variations - a lot of this problematics is already solved by the secure-smartcards industry). Optionally, backup of the code is possible in many forms, if the desired safety/reliability requires recovery from accidental key erase. The key, being just 256 bits, may be stored in myriads ways, including a m-of-n scheme where the parts are stored in various places or under control of different people. Serial EEPROM chips could be suitable as containers, as they are easy to work with, small, easy to transport and hide; this requires a degree of security-by-obscurity, but the possibility to require m chips (or other containers) (which could be under control of other people, including offshore entities) could alleviate this to certain degree.
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
From: Tyler Durden [EMAIL PROTECTED] Sent: Apr 23, 2004 10:09 AM To: [EMAIL PROTECTED] Subject: Re: [IP] One Internet provider's view of FBI's CALEA wiretap push .. Well, what if there were 3 passwords: 1) One for Fake data, for amatuers (very few of the MwG will actually be smart enough to look beyond this...that's why they have guns) 2)One for real data...this is what you're hiding 3) One for plausible real data, BUT when this one's used, it also destroys the real data as it opens the plausible real data. The obvious problem with multiple levels of passwords and data is: When does the guy with the rubber hose stop beating passwords out of you? After he gets one? Yeah, that's plausible, if he's convinced there's only one. But once he's seen a second hidden level, why will he ever believe there's not a third, fourth, etc.? The same calculation applies to a judge or district attorney. He *knows* (even if he's wrong) that there's evidence of kiddie-porn, drug dealing, etc., in there somewhere. He knows you've given up two passwords. Why is he ever going to let you out of jail, or ever going to reduce the charges down to something a normal human might live long enough to serve out the time for? -TD --John
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
At 11:33 PM 4/22/04 +0200, Eugen Leitl wrote: This will produce a loud bang, obviously. Thermite is a good choice to turn your fileserver into lava, but that thing better be outside, or mounted in chamotte- or asbestos-lined metal closet. Will produce smoke, and take some time, too. Thanks, I hadn't thought about the sensory impact of various methods. Varying amounts of bang vs. heat vs smoke vs lava. Obviously they affect usage environment. If your keyring's been securely wiped, rubberhosing the passphrase out of you to unlock it will give the attacker very little. Assuming the device is powered on, and easily triggerable, that would be quickest. Yes, particularly if USB flash memory has no persistance. But there is no clear button on a USB dongle. Secure clear would require a small amount of logic. Assuming the knuckle-draggers will know a CFS from a corrupted FS or a dead drive, that is. You know the rules of the game, you have to assume that.
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
At 08:51 PM 4/23/04 +0200, Thomas Shaddack wrote: On Fri, 23 Apr 2004, John Kelsey wrote: The obvious problem with multiple levels of passwords and data is: When does the guy with the rubber hose stop beating passwords out of you? This serves a purpose as well. Why would you ever cooperate if you can't expect much from the deal anyway? Since passphrases are in persons' minds, and minds and wills can be broken, one has to consider the security implications of this. Mil orgs don't assume that prisoners are able to keep secrets under arbitrary duress. Duress layering buys time for your colleages and family in all cases, whether they kill you or not. If they're not killing you, then maybe they'll buy one of the deeper levels of duress layers. If you physically destroy the keys or the data, there is little to gain by torturing you or your family. That is superior to gambling that your deeper duress levels are convincing to the man with the electrodes. An iButton that you could crunch in your teeth to destroy it would be nice...
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
t 10:09 AM 4/23/04 -0400, Tyler Durden wrote: I wonder how quickly one could incinerate a memory card in the field with high success rate? Destroy the data and the passphrases don't help. Well, what if there were 3 passwords: 1) One for Fake data, for amatuers (very few of the MwG will actually be smart enough to look beyond this...that's why they have guns) 2)One for real data...this is what you're hiding 3) One for plausible real data, BUT when this one's used, it also destroys the real data as it opens the plausible real data. The first thing cops do is make backups of the harddrives. So you can't destroy the real data. You would need a tamper-proof card (ie trusted security region) to implement this. None of the commercial memory gizmos, from USB dongles to stamp-sized memory cards, do this. None of the smart cards are user programmable and none include secure wipe, AFAIK. Do PDA apps? How do they store data between battery changes? Is it enough to hold a tiny memory card for a minute over a lighter? Merely snapping the card into pieces? Does one need to make a scene with fireworks? (I'm remembering that spammer who tried to eat a small memory card.)
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
At 09:23 PM 4/22/04 +0200, Thomas Shaddack wrote: Innocents could be a good cannon fodder that can bring a lot of backslash and alienation aganst the goons, stripping them from public support. Yes, this has been discussed before, in addition to using it retributionally --finger some deserving civil servant's offspring. But eventually they'll come back to you wanting names that turn out to be legit, and reveal yet more names. Which is not to say that such countermeasures aren't valuable for the *warning time* your colleages get as a result. filesystems (etc) with layers of deniable stego. Are there any decent implementations for Linux/BSD/NT? I haven't looked recently. One property that such a FS or app should have is that it is useful for something *else* besides stego duress layers. Maybe a watermark :-) management tool that can embed multiple watermarks that don't interfere. Hmm... a meaty problem... tasty, with heavy theory sauce.. I wonder how quickly one could incinerate a memory card in the field with high success rate? Destroy the data and the passphrases don't help. There are magnesium rods on the camping market, sold as firestarters for very bad weather. One can also buy mag ribbon which is more convenient than the mini-ingots you are referring to. I know that pyrotechs coat Mg curls and the like with blackpowder paste (apply wet then dry). A coil of coated ribbon and a rocket-igniter would make a neat little daughterboard :-) Just don't take it on an airplane. There are patents on similar, of course. Testing might get expensive unless you can get destructive-test dongles cheaply, and how much effort do you expend trying to read the data?
Smartcard patents
http://www.financialcryptography.com/mt/archives/000121.html Cryptography Research, the California company that announced the discovery of differential power analysis around late 1997, have picked up a swag of patents covering defences against DPA. One can't read too much into the event itself, as presumably they filed all these a long time ago, way back when, and once filed you just have to stay the distance. It's what companies do, over that side, and if you didn't predict it, you were naive (I didn't, and I was). What is more significant is the changed market place for smart cards. The Europeans dominated this field due to their institutional structure. Big contracts from large telcos and banks lead to lots of support, all things that were lacking in the fragmented market in the US. Yet the Europeans kept their secrets too close to the chest, and now they are paying for the vulnerability. CR managed to discover and publish a lot of the stuff that the Europeans thought they had secretly to themselves. Now CR has patented it. What a spectacular transfer of rights - even if the European labs can prove they invented it first (I've seen some confidential stuff on this from my smart card days) because they kept it secret, they lose it. Secrets don't enjoy any special protection. Security by obscurity loses in more ways than one. What's more, royalties and damages may be due, just like in the Polaroid film case. When both sides had the secret, it didn't matter who invented it, it was who patented it first that won. We will probably see the switch of a lot more smart card work across to CR's labs, and a commensurate rush by the European labs to patent everything they have left. Just a speculative guess, mind. With those patents in hand, CR's future looks bright, although whether this will prove to be drain or a boon to the smart card world remains to be seen.
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
On Fri, 23 Apr 2004, John Kelsey wrote: The obvious problem with multiple levels of passwords and data is: When does the guy with the rubber hose stop beating passwords out of you? After he gets one? Yeah, that's plausible, if he's convinced there's only one. But once he's seen a second hidden level, why will he ever believe there's not a third, fourth, etc.? The same calculation applies to a judge or district attorney. He *knows* (even if he's wrong) that there's evidence of kiddie-porn, drug dealing, etc., in there somewhere. He knows you've given up two passwords. Why is he ever going to let you out of jail, or ever going to reduce the charges down to something a normal human might live long enough to serve out the time for? This serves a purpose as well. Why would you ever cooperate if you can't expect much from the deal anyway?
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
On Fri, 23 Apr 2004, Major Variola (ret) wrote: filesystems (etc) with layers of deniable stego. Are there any decent implementations for Linux/BSD/NT? I haven't looked recently. One property that such a FS or app should have is that it is useful for something *else* besides stego duress layers. Maybe a watermark :-) management tool that can embed multiple watermarks that don't interfere. Hmm... a meaty problem... tasty, with heavy theory sauce.. Regarding filesystems, some time ago I came up with an idea of a filesystem as a block device that has the filesystem handling code in its bootblock area in a bytecode. Mount the fs, it reads the functions into the interpreter's sandbox. Could be useful especially for read-only media that would be using exotic encryption or compression algorithms, and quick portability of them between various OSes; you have to develop only the interpreter and the filesystem API for any OS in question, the rest is on the medium itself. I recently stumbled over an extremely interesting Linux project, FUSE - filesystem in userspace. The fuse.o module serves as an interface between the kernel and user space, relaying the filesystem-related calls. It's quite robust approach, as any crash of the external filesystem code is in userspace and is unlikely to take down the machine itself. Wondering if something like that could be written for Windows. Would simplify a lot of things. There are magnesium rods on the camping market, sold as firestarters for very bad weather. One can also buy mag ribbon which is more convenient than the mini-ingots you are referring to. I know that pyrotechs coat Mg curls and the like with blackpowder paste (apply wet then dry). A coil of coated ribbon and a rocket-igniter would make a neat little daughterboard :-) Just don't take it on an airplane. There are patents on similar, of course. Somebody mentioned here the trick with KMnO4 and glycerol. I saw this experiment in elementary school, where it was shown as a demonstration that mixing ordinary things may give extraordinary results - it was shown to light up a glob of magnesium shavings. A setup with a dongle circuitboard covered with an insulating/protective varnish, a magnesium strip attached over the memory chip (held in place by steel wire thick enough to keep it there even while burning, for long enough to deliver enough heat into the chip, or wrapped around the chip and the board), the strip coated with caked permanganate, and a glass vial with glycerol in the dongle's casing, could be usable for the field use - if you get enough time to drop the dongle and step on it. Electrical ignition of the Mg strip may be useful in the setups when the device is connected to home security system or machine movement sensors. A purely electronic system would have an advantage, though - could be shipped much easier as it won't contain more dangerous components than a lithium or silver-oxide cell. Maybe a microcontroller with a SRAM chip, with the data stored as XORs of pairs of cells, and the micro periodically inverting the pairs, to prevent the remembering in the SRAM cells after a power-off? (Related question: are there any SRAM chips with smaller capacity, that would have smaller case and smaller number of pins?) Testing might get expensive unless you can get destructive-test dongles cheaply, and how much effort do you expend trying to read the data? Or replace the test dongles with test rig with a mechanically similar chip; new serial EEPROMs in SMD casings can be bought for as cheap as USD1/3-1/4, maybe even less. We don't need to completely obliterate the chip; we need to heat it just enough to get the electrons from the floating gates (maybe my terminology is wrong, but if you saw a pic of an EEPROM or FEPROM cell, you are likely to know what I mean), get them over the not-that-high energetical barrier so they can (and will) jump back and forth freely, discharge the memory cells. Then not even the most expensive atomic-level machinery can recover the original content. If the temperature is enough to recrystallize the silicon at the chip surface, it should have a rather wide safety margin. The casings of the SMD chips are fairly thin - under a millimeter between the surface and the chip, so even a relatively small strip should be enough. Tests can be done even with discarded chips, as the remains aren't required (nor supposed) to be functional anyway - they have to be examined by eg. optical microscopy. Electron microscopy would be the best - but that's outside of the reach of a garage technician; maybe an university or an industrial lab could be hired or bribed to do the tests, though.
