On Sun, 27 Aug 2006, Aine Douglas wrote:
>> particularly can make such hardware expensive. Cheaper, smaller
>> 'smartcards' likely still allow a determined attacker to recover the
>> secret key (e.g. the credit card and "ChipKnip" banking smartcards
>> are vulnerable iirc).
>> That is the basis for the majority of PKCS11 devices. Values go in,
> computation carried out on card, result comes out.
Reread the text you're replying to :).
> Technologies have moved on since you've learned this one. I'm not
> sure about the opensource security toolkits, but the commercial
> ones allow you to create encrypted memory allocations which avoid
> this, and in those memory allocations, they specifically allocate
> in physical memory and not virtual memory spaces else the
> allocation returns an error and you can't do the operation. Check
> out the Baltimore jcrypto api for more info.
That's nice, but the key is still accessible to the administrator.
Which in many cases == the user (especially on windows machines).
Further, even if the user does not have administrative rights, if
they control the machine, they have administrative privileges if they
Some thing to read up on is "Snake oil", google for that term +
I can categorically tell you that this software of Baltimore's has 0
way of knowing whether or not it has been tampered it on common
systems today. If anyone says it can (and I bet Baltimore *won't*)
they are misinformed. It might be able to guard against unprivileged
users, but that's not full tamper-protection.
> possibly hold. Just don't keep your eyes closed to the
> possibilities forever, as the weaknesses expressed by yourself are
> so obvious it is only a matter of time before someone addresses the
You mentioned the word "intractible". You point out that for some
reason there's no open code to solve this problem, despite
many commercial companies apparently having "solved" this problem.
Ask yourself why, and don't forget to google for:
snake oil Schneier
Paul Jakma paul at clubi.iepaul at jakma.org Key ID: 64A2FF6A
Parts not interchangeable with previous model.
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!