Any future for the Crypto Stick?

Robert Holtzman holtzm at cox.net
Thu Dec 5 20:57:07 CET 2013


On Thu, Dec 05, 2013 at 04:20:42AM -0800, Paul R. Ramer wrote:
> Peter Lebbing <peter at digitalbrains.com> wrote:
> >On 02/12/13 20:37, Andreas Schwier (ML) wrote:
> >> Wait a second - you can not simply hide a backdoor in a Common Criteria
> >> evaluated operating system. There are too many entities that would need
> >> to be involved in the process
> >
> >Why couldn't the manufacturer simply put a different, backdoored firmware in the
> >card ROM than the one they showed to the other entities? Are those other
> >entities physically examining the ROM mask of the final product or somehow
> >bypassing the code protection and reading out the flash ROM?
> 
> On that note, why assume that the manufacturer would not do the opposite: feign helping the spy agency by giving them a compromised ROM and then substituting a secure one on the real product. In either case, we are assuming the company would try to supply different bodies with different ROMs.

Probably because the company might be open to criminal charges. I
understand that the NSA has used this threat in the past.

-- 
Bob Holtzman
Your mail is being read by tight lipped 
NSA agents who fail to see humor in Doctor 
Strangelove 
Key ID 8D549279


More information about the Gnupg-users mailing list