There's a naive belief that hardware crypto means more secure crypto. In reality hardware crypto means crypto that's harder to audit.
you're missing correct sig implementation. Both RSA and ECDSA have subtle issues that can lead to private key leakage (RSA-CRT bug, dup r)
these are subtle issues that can't be seen with limited functional tests, but can be prevented with careful implementations
I was grouping this sort of thing as exfil, but thought it was practical to run tests for.
RSA-CRT bug means if one calculation goes wrong you leak a key. This may happen after 10 million sigs. or if the device is too hot. or...
you can implement a countermeasure against that attack (verify sig before exposing), but you need to see the code to see if it's there
I guess this means the device you use the module with can guard against it, but loss of physical control could compromise the key.
that's only one scenario, these errors can happen at random, and that really happens https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf
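To make the RSA-CRT point concrete, here is an added example (not from any participant in the thread) of the countermeasure described above: sign with CRT, then verify the result with the public key before releasing it, so that a glitched computation returns nothing instead of a signature that reveals a factor. The key below is a constructed toy key with primes far too small for real use, and the "fault" is simulated by flipping one bit in the mod-p half of the computation.

```python
import math

# Constructed toy RSA key (tiny primes, illustration only; never use sizes like this).
P = 1000003
Q = 1000033
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)          # private exponent
DP = D % (P - 1)             # CRT exponents
DQ = D % (Q - 1)
QINV = pow(Q, -1, P)         # q^-1 mod p for Garner recombination


def crt_sign(m, fault=False):
    """Raw RSA signature of integer m using the CRT (the fast path hardware uses).

    `fault=True` simulates a single-bit glitch in the mod-p half, the
    'one calculation goes wrong' scenario from the thread.
    """
    s_p = pow(m, DP, P)
    s_q = pow(m, DQ, Q)
    if fault:
        s_p ^= 1  # corrupted half-result, e.g. from overheating or a random error
    h = (QINV * (s_p - s_q)) % P
    return (s_q + h * Q) % N


def sign_checked(m, fault=False):
    """Countermeasure: verify with the public key before exposing the signature.

    Returns the signature, or None if the CRT result does not verify. A caller
    that only ever sees None for a faulty computation cannot learn the key from it.
    """
    s = crt_sign(m, fault)
    if pow(s, E, N) != m % N:
        return None
    return s


def factor_from_faulty_signature(m, s_bad):
    """Why the check matters: a released faulty CRT signature is correct mod q but
    wrong mod p, so gcd(s_bad^e - m, N) yields a prime factor of N."""
    return math.gcd((pow(s_bad, E, N) - m) % N, N)


if __name__ == "__main__":
    msg = 123456789  # constructed message representative (must be < N)
    print("good signature verifies:", sign_checked(msg) is not None)
    print("faulty signature suppressed:", sign_checked(msg, fault=True) is None)
    print("factor leaked by unchecked faulty signature:",
          factor_from_faulty_signature(msg, crt_sign(msg, fault=True)) == Q)
```

The verification costs one public-key exponentiation per signature, which is cheap next to the CRT work itself; the point the thread makes is that you cannot tell from outside a closed module whether this check (or an equivalent one) is present, only by reading the implementation.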
The former is nearly impossible, latter is relatively easy. IMO the conclusion is you should never allow hardware devices to do keygen.
Worst-case, the hardware device's RNG is intentionally implemented as hash(serial_no+vendor_secret+counter).