Randomness, Quantum Mechanics - and Cryptography

Marsh Ray marsh at extendedsubset.com
Tue Sep 7 16:22:24 EDT 2010


On 09/07/2010 02:18 PM, Perry E. Metzger wrote:
>
> The question is, can you make it more expensive to do that than to,
> say, buy a new parking card or whatever else the smart card is being
> used for. If the attack is fairly cheap and repeatable and yields
> something reasonably valuable, you have a problem. If you can make the
> attack expensive and only yield something cheap, you're doing well.

The designer often has wrong information about what the system will be 
used for. Most systems don't see much adoption and are discontinued 
because they don't make any money. Systems that succeed with low-value 
transactions tend to get repurposed for more and more important roles 
until the breaking point. SSL and Zigbee are two examples.

Imagine how much an additional shielded region would cost to a cell 
phone that's expected to sell 50 million units. An engineer is probably 
going to be trading that cost off against some other feature with a 
tangible benefit. When the junior engineer speaks up and says "let's 
just use the microphone for entropy gathering instead" he's going to be 
considered a hero for saving millions.

An additional consideration is that the device must also operate 
reliably when someone puts popcorn in the microwave or uses an arc 
welder in the next room. The detector must absolutely never create a 
false positive.

Most actual consumer products sold will prefer to continue insecure 
operation rather than shut off. For example, the GSM standard includes a 
mechanism to notify the user on the display if they're connected to a 
cell tower with an unencrypted signal. Cell carriers typically disable 
this notification, presumably because it tangibly increases support 
costs for a benefit that appears highly theoretical. It's usually only 
when it's the interests of the manufacturer that are being protected 
that a device will actually go out of its way to find a reason to cease 
operation (e.g., DRM).

- Marsh

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


