[Cryptography] Techniques for malevolent crypto hardware (Re: Suite B after today's news)

Thor Lancelot Simon tls at rek.tjls.com
Sun Sep 8 15:10:45 EDT 2013


On Sun, Sep 08, 2013 at 02:34:26PM -0400, Perry E. Metzger wrote:
> 
> Any other thoughts on how one could sabotage hardware? An exhaustive
> list is interesting, if only because it gives us information on what
> to look for in hardware that may have been tweaked at NSA request.

I'd go for leaking symmetric cipher key bits into exposed RNG output:
nonces, explicit IVs, and the like.  Crypto hardware with "macro" or
"record" operations (ESP or TLS record/packet handling as a single
operation; TLS or IKE handshake, etc.) offers ample opportunities for
this, but surely it could be arranged even with simpler hardware that
just happens to accelerate both, let's say, AES and random number
generation.

Thor
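
A host-side check for the exposed-nonce channel described in the message above, added here as an example and not part of the original post: in TLS 1.2 AES-GCM (RFC 5288) the 8-byte explicit nonce may be the record sequence number, so a host that requires this can flag any record in which the device chose those bits itself. The function names, the sequence-number policy and the sample records are assumptions constructed for illustration, and the check does not cover randomly generated IVs, which the host cannot predict.

```python
import struct

HEADER = struct.Struct("!BHH")   # content type, protocol version, fragment length
EXPLICIT_NONCE_LEN = 8           # nonce_explicit size for AES-GCM in TLS 1.2 (RFC 5288)


def parse_records(stream: bytes):
    """Yield (content_type, fragment) for each TLS record in a captured byte stream."""
    offset = 0
    while offset < len(stream):
        if len(stream) - offset < HEADER.size:
            raise ValueError(f"truncated record header at offset {offset}")
        ctype, _version, length = HEADER.unpack_from(stream, offset)
        offset += HEADER.size
        fragment = stream[offset:offset + length]
        if len(fragment) != length:
            raise ValueError(f"truncated record body at offset {offset}")
        offset += length
        yield ctype, fragment


def audit_explicit_nonces(stream: bytes, first_seq: int = 0):
    """Return [(seq, nonce_hex)] for records whose explicit nonce is not the sequence number."""
    findings = []
    for seq, (_ctype, fragment) in enumerate(parse_records(stream), start=first_seq):
        observed = fragment[:EXPLICIT_NONCE_LEN]
        # Assumed host policy: nonce_explicit must equal the 64-bit record sequence number,
        # which leaves the device no free bits in this field. Short fragments also fail.
        if observed != seq.to_bytes(EXPLICIT_NONCE_LEN, "big"):
            findings.append((seq, observed.hex()))
    return findings


def build_record(nonce: bytes, body_len: int = 32) -> bytes:
    """Build a constructed application-data record: header + explicit nonce + filler bytes."""
    fragment = nonce + bytes(body_len)
    return HEADER.pack(23, 0x0303, len(fragment)) + fragment


# Constructed sample: records 0, 1 and 3 carry the sequence number; record 2 carries other bits.
SAMPLE = b"".join([
    build_record((0).to_bytes(8, "big")),
    build_record((1).to_bytes(8, "big")),
    build_record(bytes.fromhex("a5a5a5a5a5a5a5a5")),
    build_record((3).to_bytes(8, "big")),
])

if __name__ == "__main__":
    for seq, nonce in audit_explicit_nonces(SAMPLE):
        print(f"record seq={seq}: explicit nonce {nonce} is not the sequence number")
```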

