> > However, it got me thinking whether I trust these solutions. I
> > inherently feel more secure when using software I wrote and compiled
> > myself than using hardware. But what's the difference when the
> > bitstream that tumbles out at both ends -- AES hardware and AES
> > software -- is identical?
>
> Ciphers in hardware are generally not a problem, except for local
> attacks.

This is pretty naive. Every modern piece of hardware contains software
stored, for example, in EEPROMs or flash. If malicious software is good
enough, it can do a lot of possible things that need not only local
attacks.

> I am sure the enemies of freedom sure would like to have backdoors
> in everything. But having a backdoor in a block cipher in hardware
> is only possible if the cipher itself has the backdoor. AES is a
> 1:1 mapping and cannot have a backdoor that always works. It
> could (theoretically) have one that compresses the data and then
> embeds something in the bits gained. However the AES structure
> does not seem to do that.

There are a lot of possible attacks for malicious implementations. It
can, for example, store the AES key in a flash memory on the hardware
and reveal it on special commands, or it can be exploited by
side-channel attacks.

I have the same objections as Clemens. It's pretty hard to verify
side-channel security and find backdoors in hardware without really
good documentation like VHDL layout and auditable microcode.

greetings
wof

---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/