Subject Re: [firebird-support] Database protection [OT]
Author Edward Flick
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Well, the system would have to support Palladium to begin with, but
anyway. I don't know what kind of handshake Palladium uses, but if the
system has to authenticate itself to the smartcard first (assuming it
has to sign some series of bytes the chip sends it), couldn't you just
make a smart card that would have the system authenticate itself so many
times passing all nulls (or some other text susceptible to attack) until
it leaks enough to reconstruct the original key? And after you get that,
you can use a non-Palladium system to spoof a Palladium system to the
smart card?

Edward

Steffen Heil wrote:

| HI
|
|
|>If it has to interface with the computer IT IS HACKABLE. If I'm to assume
|>that Palladium usage will work because of private/public key pairs that only
|>the application and smartcard understand, then might I remind you that the
|>Application or OS has to store the other key somewhere. Also, there are
|>methods of intercepting electronic transmissions, and just debugging memory
|>in general.
|
| No.
| Palladium uses public keys on the hardware layer. No program can do anything
| against it (if it is implemented without bugs, of course).
| And on the hardware layer it is possible to build atomic "black boxes" that
| cannot be opened without destroying them, and you cannot see what's going on
| inside without opening them.
|
| You can get some information anyway.
| We have a professor here at our university who can give some information
| about **WHEN** the multiplier within a smart card that uses prime
| multiplication is activated [using some method to very sensibly monitor
| its power requirements - multipliers need more power than adders in this
| special card]. But you cannot get the values of these primes - only some raw
| estimation of their size.
|
| Regards,
| Steffen

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)

iD8DBQFAcw60vWeCZ4RLdzYRAndTAJ41PCZZp8M2Y26tQ/cT0MdvJbt3MwCfZWUd
A3g7pkhm68gDKtUo3uRIU/g=
=hVLj
-----END PGP SIGNATURE-----