Nowadays performance or BOM cost is not a huge issue, favor more powerful components if you can update them more easily. (3/4)
-
Show this thread
-
This is the fundamental reason behind the idea of giving the USB armory a full blown SoC rather than a smartcard. (4/4)
1 reply 4 retweets 8 likesShow this thread -
Replying to @AndreaBarisani
Securing a modern SoC is not easy, no software can fix a TEE issue when a chip does not provide enough isolation on hardware level.
1 reply 0 retweets 1 like -
Replying to @0xABD @AndreaBarisani
Most HSMs that matter have long ago adopted an “FPGA in a tamper-proof metal box” approach, but that is not a silver bullet
1 reply 0 retweets 2 likes -
Replying to @0xABD @AndreaBarisani
PKI key generation requires power, entropy, and trusted isolation well suited for “FPGA in a safe” model, as prescribed by authorities
1 reply 0 retweets 1 like -
Replying to @0xABD @AndreaBarisani
Smartcards were never that good at PRNG nor asymmetric key generation, but that does not mean they have to be abandoned in favor of SoC’s
1 reply 0 retweets 1 like -
Replying to @0xABD @AndreaBarisani
Smartcards present a reduced attack surface and formidable countermeasures against SCA and FI. SoC world is a dumpster fire in comparison
1 reply 1 retweet 2 likes -
Replying to @0xABD
I'd take a larger, but upgradable, attack surface over a smaller one which can only be replaced by physical means, any day of the year.
1 reply 0 retweets 0 likes -
Replying to @AndreaBarisani @0xABD
Also, side channels and FI are not a relevant threat in a wide variety of scenarios and can anyway be accounted for in SoC running firmware.
2 replies 0 retweets 0 likes -
Replying to @AndreaBarisani
SoC’s can have extensive boot ROMs with many kilobytes of highly sensitive code, and an issue in that means physical replacement anyway.
1 reply 0 retweets 0 likes
Agreed, this is an issue which is a reflection of the specific problem I am highlighting, but such ROMs handle far less than a smart card.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.