[Cryptography] Techniques for malevolent crypto hardware
Perry E. Metzger
perry at piermont.com
Tue Sep 10 15:16:59 EDT 2013
On Sun, 8 Sep 2013 15:22:32 -0400 "Perry E. Metzger"
<perry at piermont.com> wrote:
> Ah, now *this* is potentially interesting. Imagine if you have a
> crypto accelerator that generates its IVs by encrypting information
> about keys in use using a key an observer might have or could guess
> from a small search space.
Oh, and of course, if you're doing a DSA style algorithm, you can
leak information in your choice of random nonce. This is yet more
reason to force protocols to use nonces that are deterministic based
on context, and to enforce that.
Perry
--
Perry E. Metzger perry at piermont.com
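The nonce channel described in the message, worked through as an added example (not code from the original post or from any real accelerator): a signer that derives its DSA nonce k from a 16-bit "backdoor" constant lets anyone who knows, or can brute-force, that constant recover the private key from a single valid signature, while a signer whose nonce is a deterministic function of (private key, message) in the style of RFC 6979 can be audited by re-deriving the one signature it is allowed to produce. The group (p = 2039, q = 1019, g = 4), the private key, the message, the `BACKDOOR` constant and the simplified HMAC-based nonce derivation are all constructed for the example; the group is toy-sized (k itself could be brute-forced directly), so only the mechanism carries over to real parameters.

```python
"""Leaking a DSA private key through nonce choice, and catching it with
deterministic nonces.  Added example with toy parameters, not a real library."""
import hashlib
import hmac

# Toy DSA group, constructed for this example: p = 2q + 1, both prime, and
# g = 4 = 2^2 has order q.  Real parameters are 2048-bit p / 256-bit q.
P, Q, G = 2039, 1019, 4


def h_int(msg: bytes) -> int:
    """Hash a message to an integer mod Q (DSA truncates; reduction is fine here)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q


def sign_with_nonce(x: int, msg: bytes, k: int):
    """Textbook DSA signature with a caller-supplied nonce k in [1, Q-1]."""
    r = pow(G, k, P) % Q
    s = (pow(k, -1, Q) * (h_int(msg) + x * r)) % Q
    return r, s


def verify(y: int, msg: bytes, sig) -> bool:
    """Standard DSA verification; tells honest and backdoored signatures apart? No."""
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    v = (pow(G, h_int(msg) * w % Q, P) * pow(y, r * w % Q, P)) % P % Q
    return v == r


# --- Honest signer: nonce is a deterministic function of (key, message) -----

def deterministic_nonce(x: int, msg: bytes, attempt: int) -> int:
    """Simplified RFC 6979-style derivation: HMAC keyed by the private key."""
    mac = hmac.new(x.to_bytes(32, "big"),
                   hashlib.sha256(msg).digest() + bytes([attempt]), "sha256").digest()
    return 1 + int.from_bytes(mac, "big") % (Q - 1)


def sign_deterministic(x: int, msg: bytes):
    for attempt in range(256):          # retry only if r or s happens to be 0
        sig = sign_with_nonce(x, msg, deterministic_nonce(x, msg, attempt))
        if sig[0] and sig[1]:
            return sig
    raise RuntimeError("no usable nonce")


# --- Malicious signer: nonce derived from a 16-bit secret the attacker knows ---

BACKDOOR = 0xBEEF          # hypothetical constant baked into the "accelerator"


def backdoored_nonce(backdoor: int, counter: int, attempt: int) -> int:
    d = hashlib.sha256(backdoor.to_bytes(2, "big") + counter.to_bytes(4, "big")
                       + bytes([attempt])).digest()
    return 1 + int.from_bytes(d, "big") % (Q - 1)


def sign_backdoored(x: int, msg: bytes, counter: int):
    """Produces perfectly valid signatures; the leak is invisible to verify()."""
    for attempt in range(256):
        sig = sign_with_nonce(x, msg, backdoored_nonce(BACKDOOR, counter, attempt))
        if sig[0] and sig[1]:
            return sig
    raise RuntimeError("no usable nonce")


def recover_key(y: int, msg: bytes, sig, counter: int):
    """Attacker: brute-force the 16-bit backdoor, derive k, solve for x.
    x = (s*k - H(m)) / r mod q; the public key y confirms the right guess."""
    r, s = sig
    h = h_int(msg)
    r_inv = pow(r, -1, Q)
    for attempt in range(4):
        for guess in range(1 << 16):
            k = backdoored_nonce(guess, counter, attempt)
            if pow(G, k, P) % Q != r:
                continue
            x = (s * k - h) * r_inv % Q
            if pow(G, x, P) == y:
                return x
    return None


def audit(x: int, msg: bytes, sig) -> bool:
    """Auditor holding the key re-derives the only signature a deterministic
    signer may emit; any other valid signature means the nonce was chosen."""
    return sig == sign_deterministic(x, msg)


if __name__ == "__main__":
    x = 777                                   # private key (toy size)
    y = pow(G, x, P)
    msg = b"transfer 100 to alice"            # constructed sample message
    good = sign_deterministic(x, msg)
    bad = sign_backdoored(x, msg, counter=0)
    print("both verify:", verify(y, msg, good), verify(y, msg, bad))
    print("recovered key from backdoored signature:", recover_key(y, msg, bad, 0))
    print("audit honest / backdoored:", audit(x, msg, good), audit(x, msg, bad))
```

The point of the audit step is the "enforce" in the message: with a random nonce the signer has 1018 equally valid choices and nobody can tell which it took, whereas with a deterministic nonce the expected output is unique, so a second implementation (software, or a second vendor's part) holding the same key can check the hardware's signatures bit for bit.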