Tels wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Moin,
On Wednesday 30 August 2006 19:44, Gregory Maxwell wrote:
On 8/30/06, Tels nospam-abuse@bloodgate.com wrote:
So, if you can't guarantee that the hashes of the IP (including the log) don't leak out, how can you guarantee that the secret doesn't leak out? Answer: You can't.
The only safe way to not leak these information out is not even to store them.
Silly, you store the hashes but not the secret.
The machine doing the hashes needs to know the secret and to make a meaningfull analysis, you can't change it. (Well, maybe you could change it once a month).
Still the secret is there and it can be leaked, subpoenaed or just plain be sent out by a SNAFU.
Store the secret on flash memory embedded on a chip with a standalone processor, like a smart card. Have the processor do the hashes itself, don't provide any interface to obtain the secret. Put the processor in a box with a tamper switch and a small incendiary device, nothing but a serial line leading out. Easy.
-- Tim Starling