Re: covert channels in hardware devices (was RSA chips from Japan)


Bill Stewart (bill.stewart@pobox.com)
Wed, 16 Sep 1998 18:45:33 -0700


>> >This is why hardware algorithms without sub-liminal channels are
>> >so important.
>> Unfortunately, you're correct here. The problem is that
>> the algorithm I most want a system to use, Diffie-Hellman,
>> is easy to put subliminal channels in if you're using it in the
>> new-key-every-time mode for perfect forward secrecy.

>Isn't this a general problem with any sort of public-key encryption? The
>thing which gets encrypted is generally a key coupled with an IV, and both
>of those are nothing but nice fat subliminal channels.

Yeah. For specialized applications you can sometimes get around it,
e.g. the encryption key or IV for an email message could be the
hash of the message body, which the recipient can verify,
or some sort of hash chain that's seeded appropriately.

>The reasonably straightforward fix in hardware is to have the encryption
>chip get its random numbers from something else, hopefully a PRNG piece
>of hardware made by a different manufacturer, and have that get its
>random numbers from somewhere else, hopefully an RNG piece of hardware
>from a third manufacturer.

It's hard to trust someone else's RNG hardware - they may _say_
they got the random number from the generator, but you can't prove
they're lying (and it's hard to prove that they're not.)
And even then, for short subliminal messages, the sender can
crank the RNG a few times (by sending messages) to get
a Truly Random Number with the right subliminal message
(e.g. make sure the Jew, Commie, and Drug bits are all set.)

                                Thanks!
                                        Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
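
The workaround mentioned in the message above (an IV that is the hash of the message body, or a link in a seeded hash chain, so the recipient can recompute it), sketched as an added example that is not part of the original post. The function names, the 16-byte IV size and the SHA-256 keystream standing in for a real cipher are all assumptions made for the illustration.

```python
import hashlib
import hmac

IV_LEN = 16  # bytes; assumed IV size for this sketch


def derive_iv(body):
    """IV fixed by the message body, leaving the sending device no free bits."""
    return hashlib.sha256(b"iv-from-body" + body).digest()[:IV_LEN]


def chain_iv(seed, n):
    """Alternative: the n-th link of a hash chain seeded with a shared value."""
    link = seed
    for _ in range(n + 1):
        link = hashlib.sha256(link).digest()
    return link[:IV_LEN]


def _keystream_xor(key, iv, data):
    """Stand-in stream cipher (SHA-256 in counter mode), for the demo only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + iv + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def seal(key, body, iv=None):
    """Encrypt; an honest device derives the IV, a rogue one supplies its own."""
    iv = derive_iv(body) if iv is None else iv
    return iv, _keystream_xor(key, iv, body)


def open_checked(key, iv, ciphertext):
    """Decrypt, then reject any message whose IV is not the hash of its body."""
    body = _keystream_xor(key, iv, ciphertext)
    if not hmac.compare_digest(iv, derive_iv(body)):
        raise ValueError("IV is not the hash of the body: sender had free bits")
    return body


def chain_check(seed, n, iv):
    """Recipient-side check for the hash-chain variant (message number n)."""
    return hmac.compare_digest(iv, chain_iv(seed, n))
```

Because the IV is a deterministic, unkeyed hash of the body, two identical bodies produce identical IVs, and anyone who can guess a body can confirm the guess from the IV alone.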



The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:13:59