From: IsraelRT <israelrt@optushome.com.au>
Subject: Extracting a 3DES key from an IBM 4758
Date: Sat, 10 Nov 2001 12:25:27 +1100
Date: 2001-11-10T12:25:27+11:00 [thread overview]
Message-ID: <tf0putos6f22l03bj6i5qt5dg1bbnqkgi7@4ax.com> (raw)
In-Reply-To: 3BEBD3D3.50A5D523@gmx.de
An amusing article , well worth reading:
http://www.cl.cam.ac.uk/~rnc1/descrack/
"The IBM 4758 is an extremely secure crytographic co-processor. It is
used by banking systems and in other security conscious applications
to hold keying material. It is designed to make it impossible to
extract this keying material unless you have the correct permissions
and can involve others in a conspiracy.
Until IBM fix the CCA software to prevent our attack, banks are
vulnerable to a dishonest branch manager whose teenager has $995 and a
few hours to spend in duplicating our work.
We are able, by a mixture of sleight-of-hand and raw processing power,
to persuade an IBM 4758 running IBM's ATM (cash machine) support
software called the "Common Cryptographic Architecture" (CCA)
to export any and all its DES and 3DES keys to us. All we need is:
about 20 minutes uninterrupted access to the device one person's
ability to use the Combine_Key_Parts permission a standard
off-the-shelf $995 FPGA evaluation board from Altera
about two days of "cracking" time"
If your bank manager suddenly flies off to the south of France, this
might explain it !
parent reply other threads:[~2001-11-10 1:25 UTC|newest]
Thread overview: expand[flat|nested] mbox.gz Atom feed
[parent not found: <3BEBD3D3.50A5D523@gmx.de>]
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox