There's a naive belief that hardware crypto means more secure crypto. In reality hardware crypto means crypto that's harder to audit.
I wonder if any drivers/sw for usb crypto modules implement this protection.
-
-
that would be very wise. interesting thought, because there's no reason not to do this, you only need the sig and the public key for it.
-
Further thought: is it still possible to exfil key via padding?
-
I'm not aware of any padding attacks that can leak keys. They usually only allow decrypting or signing with the key.
-
I mean if a malicious hardware module *wanted* to leak bits of the private key in ways its creator could recover.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.