Welome to the Internet, here's your private key
Ryan McBride
mcbride at countersiege.com
Tue Feb 5 18:18:35 EST 2002
On Tue, Feb 05, 2002 at 11:16:40AM -0800, Bill Frantz wrote:
> I expect you could initialize the random data in that memory during
> manufacture with little loss of real security. (If you are concerned about
> the card's manufacturer, then you have bigger problems. If anyone does,
> the manufacturer has the necessary equipment to extract data from secret
> parts of the card, install Trojans etc.)
"They say a secret is something you tell one other person"
-- U2, "The Fly"
While it is true that most users of smartcards will choose to simply
trust the manufacturer, paranoid users could use a n choose m type of
approach to achieve a certain level of assurance. In most cases
verifying that a card is trojan free is a destructive process, so the
user would test a relatively low percentage of cards and make the
penalty for cheating high enough to ensure that the manufacturer stays
honest.
Having the manufacturer provide the random data changes the burden of
proof drastically - there is no way for to _prove_ that they did not
retain a copy of the random data, while it can be proved that they did
not try to cheat simply by testing all the cards.
Additionally, if the manufacturer is providing the secrets on the card
it appers that one weakens the non-repudiation property of signatures
derived from this secret.
All in all, it seems like manufacturer provided secrets are not a Good
Thing(tm). The whole idea with smartcards is that _nobody_ knows the
secrets, right?
-Ryan
--
Ryan T. McBride, CISSP - mcbride at countersiege.com
Countersiege Systems Corporation - http://www.countersiege.com
PGP key fingerprint = 645D 30F3 6A3A A4FD 2B95 3EF3 10AD D8C8 834B 6CEE
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list