Any future for the Crypto Stick?

Peter Lebbing peter at digitalbrains.com
Mon Dec 2 23:14:02 CET 2013


On 02/12/13 20:37, Andreas Schwier (ML) wrote:
> Wait a second - you can not simply hide a backdoor in a Common Criteria
> evaluated operating system. There are too many entities that would need
> to be involved in the process

Why couldn't the manufacturer simply put a different, backdoored firmware in the
card ROM than the one they showed to the other entities? Are those other
entities physically examining the ROM mask of the final product or somehow
bypassing the code protection and reading out the flash ROM?

> And if there were a backdoor, then the manufacturer could be held liable
> if the backdoor was exploited. They wouldn't risk their business just to
> comply with a fairly small US smart card market requirement.

I'm not so sure. This is equally true for the backdoors that are known to have
been placed by the NSA; yet still there they are. By the way, when NXP is kicked
out of the US, they lose their whole US market, not just the smartcard market.
Instead of "kicked out", also think of "harassed", "not getting government
contracts", etcetera.

> Btw. we are working on a solution to add OpenPGP support for our
> SmartCard-HSM, which is running on a JCOP platform. It's available as
> card, USB-Stick or MicroSD card.

Cool, the more, the merrier. NdK just pointed me to the FST-01 USB stick, not a
JCOP platform, but cool in a different way. Fully free software on a generic ARM
platform.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>



More information about the Gnupg-users mailing list