Selling Python Software
John J. Lee
jjl at pobox.com
Tue Nov 4 08:11:45 EST 2003
"Andrew Dalke" <adalke at mindspring.com> writes:
> Bengt Richter:
> > OTOH, we are getting to the point where rather big functionality can be put
> > on a chip or tamper-proof-by-anyone-but-a-TLA-group module. I.e., visualize
> > the effect of CPUs' having secret-to-everyone private keys, along with public keys,
>
> Actually, we aren't. There have been various ways to pull data of
> of a smart card (I recall readings some on RISKS, but the hits I
[...]
Right.
> In circuit emulators get cheaper and faster, just like the chips
> themselves.
Though there will always be some consumer apps that will run too slow
like that. Maybe not the most important ones, though (email, sound
and video playing stuff, etc.).
> And when in doubt, you can
> buy or even build your own STM pretty cheap -- in hobbiest range
> even (a few thousand dollars).
That's a thought: somebody is going to know (or be able to find
experimentally) exactly where to look on each chip, and once that fact
is out, I guess people are going to be selling motherboards / CPUs
with their private key stuck to them on a post-it note. :-)
A mass-market for STMs -- maybe it's worth investing ;-)
> > and built so they can accept your precious program code wrapped in a PGP
> > encrypted message that you have encrypted with its public key.
>
> Some of the tricks are subtle, like looking at the power draw.
> Eg, suppose the chip stops when it finds the key is invalid. That
> time can be measured and gives clues as to how many steps it
> went through, and even what operations were done. This can
> turn an exponential search of key space into a linear one.
[...]
Yeah, it's all very cute, and sounds like rocket science (which it is,
in some ways), but really it does all boil down to the same technique
I used as a child to crack my own bicycle chain combination lock (I
forgot the combination). I discovered you could hear the right
position on the dials individually, so I could crack it one dial at a
time. But that was a cheap lock, and there are others that don't do
that. Processors aren't locks, of course, and they give off so much
noise that I wonder if that's possible in their case.
John
More information about the Python-list
mailing list