[Cryptech Tech] Key generation and storage
Basil Dolmatov
dol at reedcat.net
Tue Feb 3 06:12:34 UTC 2015
I do wonder too...
Sent from iPhone
> On 30 Jan 2015, at 4:04, Rob Austein <sra at hactrn.net> wrote:
>
> At Wed, 28 Jan 2015 09:00:36 -0500, Rob Austein wrote:
>> At Wed, 28 Jan 2015 14:25:36 +0100, Jakob Schlyter wrote:
>>>
>>> 1. Key Generation
>>>
>>> Question: Are keys generated by ARM or FPGA?
>>>
>>> - Key generation in FPGA requires minor CPU core.
>>> - Key generation in ARM can use cryptlib.
>>>
>>> Recommendation: In order to contain and protect the key generation process, perform all key generation in the FPGA.
>>
>> I thought the ARM in question was inside the tamper boundary.
>
> Having heard no response, I thought perhaps I should expand a bit on
> this question.
>
> a) In case it wasn't clear, I was assuming that key generation on the
> ARM was in software, e.g., cryptlib, not in some spooky hardware
> thing on the ARM.
>
> b) As far as I know, we are not planning any sort of security barrier
> between the FPGA (blue) and ARM (green). Both are inside the
> tamper boundary. Adding a security barrier on that interface
> looks like a slippery slope to me.
>
> So, again: what's the problem we're trying to solve by moving key
> generation onto the FPGA?
> _______________________________________________
> Tech mailing list
> Tech at cryptech.is
> https://lists.cryptech.is/listinfo/tech