Crypto to defend chip IP: snake oil or good idea?
Thor Lancelot Simon
tls at rek.tjls.com
Fri Jul 28 13:08:45 EDT 2006
On Thu, Jul 27, 2006 at 08:53:26PM -0600, Anne & Lynn Wheeler wrote:
>
> If you treat it as a real security chip (the kind that goes into
> smartcards and hardware token) ... it eliminates the significant
> post-fab security handling (prior to finished delivery), in part to
> assure that counterfeit / copy chips haven't been introduced into the
> stream .... with no increase in vulnerability and threat.
I don't get it. How is there "no increase in vulnerability and threat"
if a manufacturer of counterfeit / copy chips can simply read the already
generated private key out of a legitimate chip (because it's not protected
by a tamperproof module, and the "significant post-fab security handling"
has been eliminated) and make as many chips with that private key as he
may care to?
Why should I believe it's any harder to steal the private key than to
steal a "static serial number"?
Thor
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list