Any future for the Crypto Stick?

Peter Lebbing peter at digitalbrains.com
Mon Dec 2 19:33:22 CET 2013


On 02/12/13 15:24, NdK wrote:
> Who can you really trust? If you don't trust NXP, then you can't use any
> of their JCOP chips... What would stop 'em from adding an undocumented
> command to the card manager that dumps the whole memory?

Exactly the point I was going to make when I read your mail up to this point.

And don't forget that the draconian US laws aren't just for multinationals whose
main offices are in the US... it's also for multinationals with any office in
the US. I wouldn't count on it that NXP thought "we'd rather lose the US market
than backdoor our smartcards".

Since smartcards are primarily used for security purposes, I wouldn't be
surprised if it responded specially to a message signed by the NSA (or encrypted
with a symmetric cipher with a specific key known to the NSA).

> Only BasicCard supports longer keys, but I'm not using Basic
> since Commodore-64 era :)

I agree with you, but programs on BasicCards are generally rather simple since
they just define the contents for the ISO 7816 APDUs and files, and everything
else, including the file system on the card, is part of the interpreter and OS
on the card. And BASIC has two advantages: it's easy to learn, and it's easy to
compile to bytecode (that is, writing a compiler is easy).

Obviously, the design of the language from an academic standpoint is really bad
by today's standards; we learned a lot since BASIC was designed. But that's not
so important for the small applet-like programs that only work with the contents
of ISO 7816 APDUs and files.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>



More information about the Gnupg-users mailing list