Talk:Custom hardware attack

Untitled
I'm not so sure about the suggested defence to a custom hardware attack. Depending on the point at where the attack occurs, the keylength may be irrelevant. The best defence to a custom hardware attack would be a timelimited and continually changing algorithm. The effectiveness of a custom hardware attack depends on the algorithm not changing or not changing sufficiently to render the hardware attack void. --Jmccormac 00:55, 30 December 2006 (UTC)
 * I might disagree with you on that (regularly changing your algorithm has practical drawbacks), but I think the real problem is that this section, whether your version or the previous one, is looking more like opinion than citing any particular part of the literature. I've moved it here for now. &mdash; Matt Crypto 13:13, 31 December 2006 (UTC)


 * The most effective defense against a custom hardware attack is the change or modify the encryption algorithm being used to protect the data. When that is not an option, the next best defense is to limit the time during which a key is used and ensure that keys are changed regularly.


 * The custom hardware attack's greatest strength is also its greatest vulnerability. It is designed to do one thing well - attack an encryption system in a particular way (often by testing the breaking down the key space and testing a large number of keys simultaneously). If the encryption algorithm changes then the hardware has to be changed or updated with the new algorithm. A good example of this vulnerability happened in World War II when the German Navy added a fourth rotor to its Enigma system in February 1942 thus effectively defeating the three rotor Bombe custom hardware attack used by the Allies.

-- No problem Matt. The earlier defence of using long keylengths and changing keys was a bit too nebulous. While changing keys regularly would introduce an element of lag into the attack, it doesn't necessarily follow that it will defend against the attack. The way I see it is that the custom hardware based attack is really a worst case scenario for an algorithm because all of the messages up to the point the algorithm changes or is modified are vulnerable.

Most well designed systems would have some element of regular key change so even with changing keys the custom hardware attack would still work. Changing keys reduces the effect of a key break, limiting the number of messages that can be decrypted with the recovered key. In this respect it is a defence against the effectiveness of a custom hardware attack rather than a defence against the custom hardware attack itself. Each ciphertext is effectively a single problem for the hardware and this granularity was missing from the original version.

Your point about the practicalities of changing algorithms is an important one. The reluctance of the users of a widely distributed system to change algorithms can be seen in how the Pay TV channels try to get the maximum use out of each issue of smartcard before changing to a new issue. In their case, the reluctance to change is due to the cost of manufacturing millions of smartcards and the logistics of issuing them to subscribers. The historical example, that of Enigma, was a modification to the system that made the algorithm more complex.

I used the Wikipedia entry on the Bombe (but without specifically linking to the section on the challenge of the 4 rotor Enigma) as an example of how the most effective countermeasure to the attack was successful. I'd have to go back to some of the books on the history of Enigma to get a more exact reference on the effect the introduction of the fourth rotor. --Jmccormac 01:46, 1 January 2007 (UTC)