[Cryptech Tech] goals / use cases

Joachim Strömbergson joachim at secworks.se
Thu Jan 29 09:56:44 UTC 2015



Aloha!

Peter, saw that you noted FIPS 180 vs FIPS 186 in a separate, sorry,
please ignore this. Someday I will remember to read through all mails
before answering...

Joachim Strömbergson wrote:
> Aloha!
> 
> Peter Gutmann wrote:
>> Joachim Strömbergson <joachim at secworks.se> writes:
> 
>>> I'm not worried cores in the SoC don't conform to FIPS 197 or
>>> FIPS 180-4 for example.
>> I am.  The DSA/ECDSA family (paranoia: thoughtfully provided to us
>> by the NSA) is a perfect host for any manner of subliminal channels
>> for leaking keys.
> 
> DSA/ECDSA is not the same thing as AES (FIPS 197) or SHA-1 (FIPS
> 180). When it comes to EC and RSA I think we probably are on the same
> level of paranoia.
> 
>> No they wouldn't.  You can perform infinite amounts of black-box 
>> testing and not be able to detect them.  This is something where
>> you really do need to trust (or verify) your implementation.  This
>> is why I pointed out that the AES and SHA-1 cores were
>> deterministic, which makes them safe (enough) to use. DSA/ECDSA are
>> nondeterministic and very easy to slip subliminal channels into,
>> which is why if you do anything in an FPGA you'd want it to be
>> these ones.
> 
> Come on, we _are_ discussing pros and cons for using the "perfectly 
> functional" (as you stated) AES and SHA-1 cores for our own cores in
> the FPGA. And for these cores (AES, SHA-1), the functionality is,
> again as you say, deterministic. And therefore I am not worried that
> there are _functional_ (that is, they give other bitwise results out
> for a given input) backdoors that wouldn't be fairly easy to
> observe.
> 
> You are moving the goal posts.
> 
> _______________________________________________ Tech mailing list 
> Tech at cryptech.is https://lists.cryptech.is/listinfo/tech

-- 
Kind regards, Yours

Joachim Strömbergson - Always in harmonic oscillation.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================
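As an added illustration of the testability asymmetry argued in this thread (example code written for this page, not from the Cryptech project): the FIPS 197 Appendix C.1 and FIPS 180-4 known-answer vectors give a deterministic AES or SHA core a fixed expected output to compare against, whereas two ECDSA signatures over the same digest both verify yet differ, so no such fixed answer exists. SHA-256 stands in for the SHA-1 core mentioned above; the function names and the standard-library stand-ins for "the core under test" are my own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
)
// AES128KAT runs the FIPS 197 Appendix C.1 known-answer test against any
// block-encrypt function: a deterministic core either matches or it does not.
func AES128KAT(encrypt func(key, pt []byte) []byte) bool {
	key := []byte{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}
	pt := []byte{0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}
	return hex.EncodeToString(encrypt(key, pt)) == "69c4e0d86a7b0430d8cdb78070b4c55a"
}

// SHA256KAT checks the FIPS 180-4 "abc" vector the same way.
func SHA256KAT(hash func([]byte) []byte) bool {
	return hex.EncodeToString(hash([]byte("abc"))) ==
		"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
}

// stdAES is the standard-library implementation standing in for a core under test.
func stdAES(key, pt []byte) []byte {
	c, _ := aes.NewCipher(key) // the 16-byte KAT key is always accepted
	out := make([]byte, aes.BlockSize)
	c.Encrypt(out, pt)
	return out
}

// ECDSADifferentSigs signs one digest twice with one key and reports whether both
// verify yet differ: with a fresh nonce each time there is no fixed answer to test.
func ECDSADifferentSigs() (bothValid, differ bool, err error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return false, false, err
	}
	digest := sha256.Sum256([]byte("same message"))
	var sigs [2][]byte
	for i := range sigs {
		if sigs[i], err = ecdsa.SignASN1(rand.Reader, priv, digest[:]); err != nil {
			return false, false, err
		}
	}
	bothValid = ecdsa.VerifyASN1(&priv.PublicKey, digest[:], sigs[0]) && ecdsa.VerifyASN1(&priv.PublicKey, digest[:], sigs[1])
	return bothValid, !bytes.Equal(sigs[0], sigs[1]), nil
}
```

A core that fails its KAT is functionally wrong and therefore observable; a signature core that passes verification tells you nothing about how its nonces were chosen.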