Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: notesfiles - hp 1.2 08/01/83; site hp-pcd.UUCP
Path: utzoo!linus!philabs!cmcl2!seismo!harvard!talcott!panda!genrad!decvax!tektronix!hplabs!hp-pcd!john
From: john@hp-pcd.UUCP (john)
Newsgroups: net.crypt
Subject: Re: Re: DES certification
Message-ID: <99200001@hp-pcd.UUCP>
Date: Tue, 23-Jul-85 13:22:00 EDT
Article-I.D.: hp-pcd.99200001
Posted: Tue Jul 23 13:22:00 1985
Date-Received: Sun, 28-Jul-85 05:18:42 EDT
References: <1270@utcsri.UUCP>
Organization: Hewlett-Packard - Corvallis, OR
Lines: 26
Nf-ID: #R:utcsri:-127000:hp-pcd:99200001:000:1219
Nf-From: hp-pcd!john Jul 23 09:22:00 1985

<<<<
< One reason for this is that it is currently possible to monitor the
< electromagnetic 'noise' the machine emits, and analyze that to discover
< some of what the machine is doing. Another reason is that software
< can be changed; if I have access to a system with a software implementation
< of DES, I could conceivably hack it to log all the attempts at encryption
< into a local file, or out to the phone line.
<

This is true anytime that a general purpose computer handles sensitive data.
If you can hack your system's DES routines then you can probably hack the
driver that passes data to the DES hardware in the same manner. If you really
want security then you better implement your file managers and editors and
everything else that handles your data in hardware.

Hardware implementations do provide some security in that the key can be
stored in the device and not readable by the system. You can load the new
day's key in the morning and not have to worry about the afternoon operator
extracting it from the system. The strange thing is that some of the DES IC's
on the market are nothing more than single chip computers that are programmed
with DES.

John Eaton
!hplabs!hp-pcd!john