[Cryptography] Techniques for malevolent crypto hardware
Perry E. Metzger
perry at piermont.com
Tue Sep 10 15:16:59 EDT 2013
On Sun, 8 Sep 2013 15:22:32 -0400 "Perry E. Metzger"
<perry at piermont.com> wrote:
> Ah, now *this* is potentially interesting. Imagine if you have a
> crypto accelerator that generates its IVs by encrypting information
> about keys in use using a key an observer might have or could guess
> from a small search space.
Oh, and of course, if you're doing a DSA style algorithm, you can
leak information in your choice of random nonce. This is yet more
reason to force protocols to use nonces that are deterministic based
on context, and to enforce that.
Perry E. Metzger perry at piermont.com
More information about the cryptography