[Cryptech Tech] goals / use cases

Joachim Strömbergson joachim at secworks.se
Thu Jan 29 09:47:51 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aloha!

Peter Gutmann wrote:
> Joachim Strömbergson <joachim at secworks.se>
> writes:
> 
>> I'm not worried that cores in the SoC don't conform to FIPS 197 or FIPS
>> 180-4 for example.
> 
> I am.  The DSA/ECDSA family (paranoia: thoughtfully provided to us by
> the NSA) is a perfect host for any manner of subliminal channels for
> leaking keys.

DSA/ECDSA is not the same thing as AES (FIPS 197) or SHA-1 (FIPS 180).
When it comes to EC and RSA I think we probably are on the same level of
paranoia.

> No they wouldn't.  You can perform infinite amounts of black-box
> testing and not be able to detect them.  This is something where you
> really do need to trust (or verify) your implementation.  This is why
> I pointed out that the AES and SHA-1 cores were deterministic, which
> makes them safe (enough) to use. DSA/ECDSA are nondeterministic and
> very easy to slip subliminal channels into, which is why if you do
> anything in an FPGA you'd want it to be these ones.

Come on, we _are_ discussing pros and cons for using the "perfectly
functional" (as you stated) AES and SHA-1 cores for our own cores in the
FPGA. And for these cores (AES, SHA-1), the functionality is, again as
you say, deterministic. And therefore I am not worried that there are
_functional_ (that is, they give other bitwise results out for a given
input) backdoors that wouldn't be fairly easy to observe.

You are moving the goal posts.

-- 
Kind regards, Yours

Joachim Strömbergson - Always in harmonic oscillation.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================
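Added example (not from the thread, and not Cryptech code) illustrating the point the two posters are arguing over: a deterministic core such as AES or SHA-1 gives one fixed output per input, so a functional deviation is observable, whereas a DSA/ECDSA signer is free to choose its nonce, and that freedom can carry a subliminal channel that no amount of verification-based black-box testing will reveal. The code below is textbook DSA over a deliberately tiny group (q = 65537, with p and g searched for at run time) so that it runs in well under a second; the function names, the toy parameters and the "parity of r" channel are this example's own assumptions. The channel is the classic Simmons narrowband one: the signer keeps drawing nonces until the low bit of r equals the key bit it wants to leak. Every signature verifies exactly like an honest one.

```python
"""Added example: toy DSA with a one-bit subliminal channel in the nonce.
Parameters are toy-sized (not secure); the channel works the same at real sizes."""
import hashlib
import secrets


def _is_prime(n):
    """Trial-division primality test; fine for the toy sizes used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def toy_params(q=65537):
    """Return (p, q, g) with q | p-1 and g of order q.  Assumed toy group."""
    assert _is_prime(q)
    k = 2
    while not _is_prime(k * q + 1):
        k += 1
    p = k * q + 1
    for h in range(2, p):
        g = pow(h, (p - 1) // q, p)
        if g != 1:
            return p, q, g
    raise ValueError("no generator found")


def keygen(p, q, g):
    x = secrets.randbelow(q - 1) + 1  # private key in [1, q-1]
    return x, pow(g, x, p)


def hash_mod_q(msg, q):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % q


def sign(params, x, msg, want_bit=None):
    """DSA signing.  want_bit=None: honest random nonce.
    want_bit in {0, 1}: keep drawing nonces until the low bit of r equals
    want_bit, so the signature carries one bit the verifier cannot see."""
    p, q, g = params
    h = hash_mod_q(msg, q)
    while True:
        k = secrets.randbelow(q - 1) + 1
        r = pow(g, k, p) % q
        if r == 0:
            continue
        if want_bit is not None and (r & 1) != want_bit:
            continue
        s = (pow(k, -1, q) * (h + x * r)) % q
        if s == 0:
            continue
        return r, s


def verify(params, y, msg, sig):
    """Standard DSA verification; it passes for honest and leaky signatures alike."""
    p, q, g = params
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    h = hash_mod_q(msg, q)
    u1, u2 = (h * w) % q, (r * w) % q
    v = ((pow(g, u1, p) * pow(y, u2, p)) % p) % q
    return v == r


def leak_key(params, x, msgs):
    """Malicious signer: signature i carries bit i of x in the parity of r."""
    return [sign(params, x, m, want_bit=(x >> i) & 1) for i, m in enumerate(msgs)]


def recover_key(sigs):
    """Colluding observer: read the parity of each r back into an integer."""
    return sum(((r & 1) << i) for i, (r, _s) in enumerate(sigs))


def demo():
    params = toy_params()
    p, q, g = params
    x, y = keygen(p, q, g)
    msgs = [b"message %d" % i for i in range(q.bit_length())]  # constructed input
    honest = [sign(params, x, m) for m in msgs]
    leaky = leak_key(params, x, msgs)
    return {
        "honest_verify": all(verify(params, y, m, s) for m, s in zip(msgs, honest)),
        "leaky_verify": all(verify(params, y, m, s) for m, s in zip(msgs, leaky)),
        "recovered_matches": recover_key(leaky) == x,
    }


if __name__ == "__main__":
    print(demo())
```

The black-box tester's view is `verify()`: it returns True for both signers on every message, so no test-vector suite over signatures can tell them apart. The only defences are reading the implementation, forcing the nonce to be derived deterministically from the key and message (RFC 6979 style) so the signer has no freedom left to hide anything in, or generating the nonce outside the untrusted core. Note that even a deterministic-nonce scheme only helps if the verifier can recompute the expected signature, which again requires trusting, or owning, the key.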

