And yet nobody found ROCA. Even though that code stank. Audits are largely useless, because they often just verify that you do what you say you do, not that you're actually secure. "Yes, we have these mitigations (which stop one variant of an attack but not another)".
-
This Tweet is unavailable.
-
This Tweet is unavailable.
-
Ok I got your point and I don't disagree. I just want to insist on the fact that the solution is more to try to open Secure chips, rather than using broken ones... Telling the opposite is a big fallacy, and I hope it's just a troll
Oh, I absolutely would *love* to have open secure ICs. But since that doesn't seem to be happening any time soon, you're left with a choice, and I'm starting to wonder if the open alternative might actually be better given that we can't have both.
-
-
It sounds like a more balanced opinion. There are many issues using broken chips: - no physical security (it's bad for an on-the-field security device) - no way to guarantee the code running in it is actually yours - not possible to implement attestation mechanism ...
-
#1 is the only real problem; if anything, with vendor locked down black boxes you have fewer true attestation capabilities (sure there are mechanisms, but they depend on trusting the vendor). With an open chip it's easy to validate that it is wiped clean and then flash your code.
- Show replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.