Its never going to be impossible - just want it to be very hard/tricky. There has to be a limit somewhere, our greatest weakness is probably the people with the cards.
Thanks for the info - I'll look into this as a fun side project...
PS its easy to krack your RAM resident key and you know it. Very easy to attach bus analyzer to a doctored memory SIMM or doctored L2 or L3 cache and snatch-probe the computers memory. I doubt you solder-locked all the memory in. And yes i know people that have done this and its a cinch.
It would be easy if the key were in the memory of a normal machine, but this is a separate SCSI device, tamper proofed with a collection of EPROM trashing switches & the PCB itself is encased in epoxy resin (with a huge fan to keep the block cool). Total cost of each unit is £20k so for that kind of cash it better not be that easy!
Our encryption system is based around having private keys stored encrypted across multiple smart cards (I have a big bundle of the things on my desk at the mo.). The cards are dished out to a collection of people & you need so many of these to recreate a key. The key is loaded into RAM on a hardware encryption unit which runs away happily doing its thing. If a unit looses power then you have to get a collection of people to shove their smart cards into the unit to recreate the key in RAM. This isn't fun at 2 in the morning...
Never really looked into the vulnerability of the smartcards before. I suppose the fact that the key is split across multiple cards gives us some protection though. This methodology wouldn't work for set-top-boxes though.
Has anybody looked into stripping information from a smart card? - how easy is this to do?
Slashdot Mirror
Can I ask which part of the Egg website you were having problems with?
Its never going to be impossible - just want it to be very hard/tricky. There has to be a limit somewhere, our greatest weakness is probably the people with the cards.
Cheers for the chat...
Thanks for the info - I'll look into this as a fun side project...
PS its easy to krack your RAM resident key and you know it. Very easy to attach bus analyzer to a doctored memory SIMM or doctored L2 or L3 cache and snatch-probe the computers memory. I doubt you solder-locked all the memory in. And yes i know people that have done this and its a cinch.
It would be easy if the key were in the memory of a normal machine, but this is a separate SCSI device, tamper proofed with a collection of EPROM trashing switches & the PCB itself is encased in epoxy resin (with a huge fan to keep the block cool). Total cost of each unit is £20k so for that kind of cash it better not be that easy!
Our encryption system is based around having private keys stored encrypted across multiple smart cards (I have a big bundle of the things on my desk at the mo.). The cards are dished out to a collection of people & you need so many of these to recreate a key. The key is loaded into RAM on a hardware encryption unit which runs away happily doing its thing. If a unit looses power then you have to get a collection of people to shove their smart cards into the unit to recreate the key in RAM. This isn't fun at 2 in the morning...
Never really looked into the vulnerability of the smartcards before. I suppose the fact that the key is split across multiple cards gives us some protection though. This methodology wouldn't work for set-top-boxes though.
Has anybody looked into stripping information from a smart card? - how easy is this to do?
Or will there be some kind of common sense injected into current law, allowing fair use rights for consumers? Only time will tell...
How can a book like this ignore Perl the "swiss army pen knife"
I thought that was "Swiss Army chain saw"...
But since owning handguns has been made illegal in the UK the number of gun related (violent) crimes has increased. Banning guns didn't work...