Anelok: "competitor" in trouble

Bas Wijnen wijnen at debian.org
Wed May 28 22:57:40 EDT 2014


On Mon, May 26, 2014 at 09:28:18PM -0300, Werner Almesberger wrote:
> Bas Wijnen wrote:
> > As a side note: that's also why I didn't even consider trusting the
> > chip's code protection mechanism.
> 
> Well, the "tree of trust" has to have its root somewhere, and making
> our own chip isn't really an option.

Sure; I'm just not trusting their protection mechanism, so I treat it as
nonexistent, which means it is as secure as the other chip.  I don't expect
them to add a wireless transmitter in there to actively compromise any product.
;-)

All I'm saying is that the security model should not break down if their
security mechanism doesn't work.

> There's also the question of whether someone would consider you a
> sufficiently valuable target. When using a secret attack, there's
> always the risk of getting found out, which could easily render the
> attack worthless. So they'd have to consider whether your passwords
> are really worth risking an attack they may have other uses for.

That's a good point.  And of course if you can choose between putting your code
in something of which you don't trust the claim that it is protected, and
something which doesn't even claim it, the choice shouldn't be hard.

Thanks,
Bas



More information about the discussion mailing list


interactive