Is there a chance smartcards have a backdoor? (was Re: Any future for the Crypto Stick?)

Kristian Fiskerstrand kristian.fiskerstrand at sumptuouscapital.com
Thu Dec 5 20:22:54 CET 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 12/05/2013 08:08 PM, Peter Lebbing wrote:
> On 05/12/13 13:20, Paul R. Ramer wrote:
>> On that note, why assume that the manufacturer would not do the
>> opposite: feign helping the spy agency by giving them a
>> compromised ROM and then substituting a secure one on the real
>> product. In either case, we are assuming the company would try to
>> supply different bodies with different ROMs.
> 
> We're debating the risk that a card is backdoored. If there is such
> a risk, that risk still exists if we allow for the possibility that
> manufacturers try to do what you say. They're not mutually
> exclusive; how come you infer that I assume that the manufacturer
> would not do the opposite?
> 

The smartcard having a bad RNG as seen in [0] springs to mind.

References:
[0]
http://sites.miis.edu/cysec/2013/10/10/taiwans-citizen-smart-card-plan-compromised-by-bad-rngs/


- -- 
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
"Great things are not accomplished by those who yield to trends and
fads and popular opinion."
(Jack Kerouac)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list