carroll@utcsri.UUCP (Eric Carroll) (07/19/85)
In article <405@petrus.UUCP> karn@petrus.UUCP (Phil R. Karn) writes: > 1. To formally adhere to DES (i.e., to gain a certification from NBS), you > have to implement the algorithm in hardware on a special-purpose chip. > General purpose computer software implementations are not certifiable. I've > never understood this requirement... > > Phil One reason for this is that it is currently possible to monitor the electromagnetic 'noise' the machine emits, and analyze that to discover some of what the machine is doing. Another reason is that software can be changed; if I have access to a system with a software implementation of DES, I could conceivably hack it to log all the attempts at encryption into a local file, or out to the phone line. Both compromise the whole idea of an encryption, namely that, in the ideal case, no-one but myself and the sender can read the message. The US DoD has very strict rules on the shielding requirments of machine rooms that house computers with access to top secret information.
john@hp-pcd.UUCP (john) (07/23/85)
<<<< < One reason for this is that it is currently possible to monitor the < electromagnetic 'noise' the machine emits, and analyze that to discover < some of what the machine is doing. Another reason is that software < can be changed; if I have access to a system with a software implementation < of DES, I could conceivably hack it to log all the attempts at encryption < into a local file, or out to the phone line. < This is true anytime that a general purpose computer handles sensitive date. If you can hack your systems DES routines then you can probably hack the driver that passes data to the DES hardware in the same manner. If you really want security then you better implement your file managers and editors and everything else tat handles your data in hardware. Hardware implementations do provide some security in that the key can be stored in the device and not readable by the system. You can load the new days key in the morning and not have to worry about the afternoon operator extracting it from the system. The strange thing is that some of the DES IC's on the market are nothing more than single chip computers that are programmed with DES. John Eaton !hplabs!hp-pcd!john