<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">The chip we’re using was chosen in part because it has a hardware lock-down feature specifically designed to defeat such an attack:<div><br></div><div><a href="http://www.st.com/web/en/resource/technical/document/application_note/DM00075930.pdf">http://www.st.com/web/en/resource/technical/document/application_note/DM00075930.pdf</a><br><div><br></div><div>It’s designed to keep the Chinese from stealing proprietary code, but it works for keys as well. But if you’re still worried that an adversary is going to, say, do a direct hardware probe of the EEPROM, you can add a layer of security in software by encrypting the keys with a pass-phrase. And if you really want to batten down the hatches you can have the device erase the keys after N unsuccessful attempts to decrypt them, or (for you Mission Impossible fans out there) if the correct pass phrase is not provided within a certain amount of time.</div><div><br></div><div>rg</div><div><br><div><div>On Jan 25, 2016, at 10:23 AM, Gé Weijers <ge@weijers.org> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">The question is whether that particular ARM processor can keep a secret if it gets into the wrong hands. People with logic analyzers and chip probes.<br><br>Gé<br><div class="gmail_quote"><div dir="ltr">On Tue, Jan 19, 2016 at 12:38 Ron Garret <<a href="mailto:ron@flownet.com">ron@flownet.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I’m working on a design for a minimalist secure hardware dongle. The goal is to have it be usable as an HSM for the secure storage of secrets. I have a prototype running on a Teensy3, but I’ve come to the conclusion that in order to really be secure there has to be some I/O on the dongle itself. Hence, I am commissioning a new design that is essentially a Teensy3 with the addition of an OLED display and two push-buttons. It will also have an on-board noise source for key generation. The resulting device will be very similar to the Trezor, but not designed specifically for BitCoin. I expect to be able to sell them for about $50.<br>
<br>
If anyone here has an interest in such a device and would like to see a feature that I have not listed please let me know.<br>
<br>
rg<br>
<br>
_______________________________________________<br>
The cryptography mailing list<br>
<a href="mailto:cryptography@metzdowd.com" target="_blank">cryptography@metzdowd.com</a><br>
<a href="http://www.metzdowd.com/mailman/listinfo/cryptography" rel="noreferrer" target="_blank">http://www.metzdowd.com/mailman/listinfo/cryptography</a></blockquote></div><div dir="ltr">-- <br></div><div dir="ltr">—<br>Gé</div>
</blockquote></div><br></div></div></body></html>