Selling Python Software

John J. Lee jjl at pobox.com
Tue Nov 4 08:11:45 EST 2003


"Andrew Dalke" <adalke at mindspring.com> writes:

> Bengt Richter:
> > OTOH, we are getting to the point where rather big functionality can be put
> > on a chip or tamper-proof-by-anyone-but-a-TLA-group module. I.e., visualize
> > the effect of CPUs' having secret-to-everyone private keys, along with public keys,
> 
> Actually, we aren't.  There have been various ways to pull data off
> of a smart card (I recall reading some on RISKS, but the hits I
[...]

Right.


> In-circuit emulators get cheaper and faster, just like the chips
> themselves.

Though there will always be some consumer apps that will run too slow
like that.  Maybe not the most important ones, though (email, sound
and video playing stuff, etc.).


> And when in doubt, you can
> buy or even build your own STM pretty cheap -- in hobbyist range
> even (a few thousand dollars).

That's a thought: somebody is going to know (or be able to find
experimentally) exactly where to look on each chip, and once that fact
is out, I guess people are going to be selling motherboards / CPUs
with their private key stuck to them on a post-it note. :-)

A mass-market for STMs -- maybe it's worth investing ;-)


> > and built so they can accept your precious program code wrapped in a PGP
> > encrypted message that you have encrypted with its public key.
> 
> Some of the tricks are subtle, like looking at the power draw.
> Eg, suppose the chip stops when it finds the key is invalid.  That
> time can be measured and gives clues as to how many steps it
> went through, and even what operations were done.  This can
> turn an exponential search of key space into a linear one.
[...]

Yeah, it's all very cute, and sounds like rocket science (which it is,
in some ways), but really it does all boil down to the same technique
I used as a child to crack my own bicycle chain combination lock (I
forgot the combination).  I discovered you could hear the right
position on the dials individually, so I could crack it one dial at a
time.  But that was a cheap lock, and there are others that don't do
that.  Processors aren't locks, of course, and they give off so much
noise that I wonder if that's possible in their case.


John
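
[Added example, not part of the original message.] The "stops when it finds the key is invalid" leak and the one-dial-at-a-time lock from the thread, modeled on a constructed 4-dial combination, next to a constant-time check that removes the signal. All names are hypothetical, and the `steps` count is an assumed stand-in for the time or power measurement.

```python
import hmac

DIALS = b"0123456789"   # constructed 4-dial lock, as in the bicycle-lock analogy
SECRET = b"7305"        # constructed sample combination

def leaky_check(guess, secret=SECRET):
    """Early-exit compare. Returns (ok, steps); steps grows with the
    number of leading dials that are already correct."""
    steps = 0
    for s, g in zip(secret, guess):
        steps += 1
        if s != g:
            return False, steps
    return len(guess) == len(secret), steps

def hardened_check(guess, secret=SECRET):
    """Constant-time compare: the work done does not depend on where
    the first mismatch is, so steps is the same for every guess."""
    return hmac.compare_digest(guess, secret), len(secret)

def dial_by_dial(check, length=len(SECRET)):
    """Try each dial position in turn, keeping the digit whose `steps`
    stands out. Returns (combination or None, number of checks made)."""
    known, queries = b"", 0
    for pos in range(length):
        seen = {}
        for d in DIALS:
            guess = known + bytes([d]) + DIALS[:1] * (length - pos - 1)
            ok, steps = check(guess)
            queries += 1
            if ok:
                return guess, queries
            seen[d] = steps
        best = max(seen, key=seen.get)
        if list(seen.values()).count(seen[best]) != 1:
            return None, queries    # no per-dial signal to follow
        known += bytes([best])
    return None, queries

if __name__ == "__main__":
    # Leaky check: found in at most 10 * 4 checks instead of 10 ** 4.
    print(dial_by_dial(leaky_check))
    # Constant-time check: every digit looks alike, the search stalls.
    print(dial_by_dial(hardened_check))
```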



