Re: [NOISE] Cable-TV-Piracy-Punks



"Perry E. Metzger" <[email protected]> writes:

 > Or to people with access to scanning microscopy techniques
 > like STMs or AFMs. I suspect that there are lots of
 > techniques that can be successfully used. It used to be that
 > using them required the sort of facilities only available at
 > a large semiconductor manufacturer, but now I suspect that
 > it would be easy for a student at a major university, and
 > probably less easy, but still perfectly feasible, for a
 > person working at home with lots of sophisticated but fairly
 > available equipment like STMs.

We aren't talking about IC masks here.  We are talking about
electrostatic charges which would instantly leak away if the
insulation around them were in the least bit compromised.

Such data wouldn't even survive the preparation for scanning
microscopy, much less the actual inspection process.

 > They aren't immune to the laws of physics. If it can be put
 > together, it can be taken apart. I can even surmise HOW it
 > can be taken apart.

If you put something fragile inside a container which cannot be
breached without exposing the fragile thing to a destructive
environment, then the fragile thing is very unlikely to be
retrieved intact.  The specific parameters here will of course
vary with what technology is available, but I think live EEPROM
cells deep inside a multi-layer VLSI device are probably safe
from scrutiny for the lifetime of your average smart card.  Live
registers too, for that matter.

 > The Americans trust their money to the notion that no
 > counterfeiter can afford to pay a million or so for an
 > intaglio press. Do you think this is likely?

It is neither likely nor relevant.

 > In any case, I notice that the claim has changed. Before,
 > it was claimed, speciously, that modern cryptography could
 > solve this problem. Now it is claimed that the security of
 > the system depends entirely on keeping the user from
 > breaking in to a piece of equipment that they have physical
 > possession of. Pretty different story, eh?

The original scenario outlined how strong cryptography could be
used to authorize pay per view in a manner which was not
vulnerable to obvious hacking.  The successful use of strong
cryptography depends upon keeping certain key information secret,
and it was postulated as part of the scenario that this could be
done within a smart card.

An endless metaphysical quibble over whether God can create a
smart card he can't peek into does not serve to further
illuminate the cryptographic issues under discussion.

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     [email protected]     $    via Finger.                      $