    From: Wesley J. Landaker<wjl@i...>
    Date: Sat Jan 14 17:36:02 CET 2006
    Subject: [oc] Cryptographic hardware
    On Friday 13 January 2006 23:25, thilo wrote:
    > Wesley J. Landaker wrote:
    > >1. There are an infinite number of (I,t) pairs.
    >
    > Wrong, i.e. a 256 bit aes (key-size) has exactly 2^256 different inputs
    > and each input maps (by definition) to exactly one output
    > I assume we are talking ecb mode.

    Sure, if it's *actually* 256-bit AES, with no added features, backdoors,
    bugs, etc. But we're talking about a *black-box*. You can't assume anything
    about a black-box, even if someone says, "oh yeah, it's AES".

    Now, if you're talking about AES code that you can examine and you just want
    to test it to make sure it doesn't have BUGS. Then this whole thread is
    moot, since that's not a black-box. =)

    Also, if you're talking about a black-box that doesn't do encryption, but
    just generates keys--well, you can always check the output before using it,
    but then, what's the point of having the black-box? You still couldn't test
    every possible output to make sure it always generates a good key.

    > >2. Every possible sequence of inputs (I,ti) must be tested and compared
    >
    > Maybe, but in reality if the box passes the nist test-vectors, and if
    > its design is verified by an independent authority (e.g. nist)
    > it can be trusted (gets expensive).

    Granted, if its *design* is verified--so it's no longer a black-box--then
    sure, you can have trust in it that's as good as the verification. But no
    amount of verification or testing of a black-box can or will ever give any
    real confidence in its future behavior.

    > >For example, what about black box that you suspect stores that last 1024
    > >encryption keys used and spits them out instead of the normal expected
    > >encrypted data when a certain sequence of data is input? How can you
    > > prove that this is NOT the case? Only by testing every possible input
    > > sequence, or by breaking open the black box and checking some other
    > > way.
    > >
    > >If you're even slightly worried about it, it's better to not even think
    > >about using a black box. =)
    >
    > Is that now theoretical or do we want to be pragmatic?

    No, that's not theoretical, that's a simple backdoor that would be very easy
    to add to almost any security product; not only that, but this, and much
    more complicated schemes have been done many times in the past, and will
    continue to be done in the future by various parties for whatever nefarious
    purpose.

    Now, remember, the OP mentioned black-boxes. I'm talking about black-boxes.
    If you're talking about something ELSE, then my comments obviously don't
    apply directly. =)

    --
    Wesley J. Landaker
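
The argument in this message, as an added illustration that is not part of the original post: a stateful box that agrees with its reference on every known-answer test, then deviates after one secret input sequence. The HMAC-based stand-in cipher (not real AES), the three-block trigger, the single emitted key and all names are assumptions constructed for the example.

```python
import hashlib
import hmac
import random
from collections import deque
from fractions import Fraction

BLOCK = 16  # bytes per input/output block

def reference_encrypt(key, block):
    """Stand-in for the published cipher (truncated HMAC-SHA256, NOT real AES)."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

class BlackBox:
    """Matches the reference on every input until a secret block sequence is seen."""
    def __init__(self, trigger):
        self._trigger = list(trigger)                # constructed secret sequence
        self._recent = deque(maxlen=len(self._trigger))
        self._keys = deque(maxlen=1024)              # "last 1024 keys", as in the post

    def encrypt(self, key, block):
        self._recent.append(block)
        n = len(self._trigger)
        if list(self._recent) == self._trigger and len(self._keys) >= n:
            return self._keys[-n][:BLOCK]            # key used just before the trigger began
        self._keys.append(key)
        return reference_encrypt(key, block)

def known_answer_mismatches(box, trials, seed=0):
    """Black-box test: compare box and reference on random (key, block) pairs."""
    rng = random.Random(seed)
    pairs = [(rng.getrandbits(256).to_bytes(32, "big"),
              rng.getrandbits(128).to_bytes(BLOCK, "big")) for _ in range(trials)]
    return sum(box.encrypt(k, b) != reference_encrypt(k, b) for k, b in pairs)

def hit_bound(queries, trigger_blocks):
    """Union bound on the chance that uniform random testing feeds the full trigger."""
    return Fraction(queries, 2 ** (8 * BLOCK * trigger_blocks))

def demo():
    trigger = [bytes([v]) * BLOCK for v in (0xA5, 0x5A, 0xC3)]  # constructed values
    box = BlackBox(trigger)
    mismatches = known_answer_mismatches(box, 10_000)           # the box "passes"
    box.encrypt(bytes(range(32)), bytes(BLOCK))                 # a later legitimate use
    leaked = [box.encrypt(b"k" * 32, blk) for blk in trigger][-1]
    return mismatches, leaked, hit_bound(10_000, len(trigger))

if __name__ == "__main__":
    print(demo())
```

Ten thousand random comparisons report zero mismatches, while the chance that such testing ever exercises the three-block trigger is bounded by 10000 / 2^384.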

    Copyright (c) 1999 OPENCORES.ORG. All rights reserved.