Phil Howard <[EMAIL PROTECTED]> writes:
> Ultimately, I'll personally depend on crypto in software I can access for
> myself. I think that's your real point.

Thanks for the well thought-out reply. I too would place a heck of a lot less trust in some crypto chip than something that is inspectable.

> What interests me among Hifn's chips are not the crypto capabilities, but
> the compression capabilities.

Interesting. I didn't realize they did that. It looks like a safe enough use.

knitti <[EMAIL PROTECTED]> writes:
> any algorithm the cards claim to implement _is_ fully documented, so
> you can test any output except that of the RNG against a 'known
> good' implementation

Even if the cipherstream out of a chip is the same as the software implementation in general, what prevents the chip from switching to a trojan mode when it sees a certain data-pattern in the plaintext input stream? Sure the other side might not be able to decrypt the doctored up cipherstream, but the information would have already been leaked. Heck, if both sides use the same chip, the receiving chip could even recognize the data stream and pretend that nothing out of the ordinary were going on.

Personally I don't see how a hardware chip maker can prove that the chip doesn't have a trojan without providing masks for inspection and a way to prove that those masks and only those masks were used to make the chip. Open source and all that.

-wolfgang
--
Wolfgang S. Rupprecht http://www.wsrcc.com/wolfgang/