Tom Weinstein (tomw@netscape.com)
Thu, 25 Jun 1998 13:47:14 -0700
Mike Rosing wrote:
>
[ ... snip ... ]
> Probably not. Physical security works better for that threat model,
> don't let the "enemy" have access to something that's so sensitive it's
> worth the millions of dollars in equipment to hack. Most smart cards
> won't be holding $1000 let alone a million. It would be easier to
> (very carefully) cut the card open and read the keys directly than
> deal with timing or power type attacks.
It's not "millions of dollars in equipment". It's about $1000 in
electronics, a card reader, and a computer. I imagine it would be fairly
straightforward to hack a Mondex ATM to include this gear.
> It's about the same as counterfeiting money - it costs more in time and
> equipment than you can mint and recover. I think Paul's papers are good
> academic work, but I don't think these attacks are a real threat to worry
> about. The guy in charge of handing out the cards is a bigger threat,
> if I'm the banker that's what I'd worry about.
My impression is that this is not merely a "theoretical" attack.
--
What is appropriate for the master is not appropriate | Tom Weinstein
for the novice. You must understand Tao before        | tomw@netscape.com
transcending structure. -- The Tao of Programming     |
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:19:05 ADT