[5299] in cryptography@c2.net mail archive
Re: depleting the random number generator -- repeated state
daemon@ATHENA.MIT.EDU (David Honig)
Sat Jul 31 17:07:20 1999
Date: Fri, 30 Jul 1999 20:31:51 -0700
To: Eugene Leitl <eugene.leitl@lrz.uni-muenchen.de>
From: David Honig <honig@sprynet.com>
Cc: Eugene Leitl <Eugene.Leitl@lrz.uni-muenchen.de>,
"Enzo Michelangeli" <em@who.net>, "bram" <bram@gawth.com>,
<cryptography@c2.net>
In-Reply-To: <14242.11936.538757.640771@lrz.de>
At 04:00 PM 7/30/99 -0700, Eugene Leitl wrote:
>David Honig writes:
>
> > One of the many uses of nitric acid. Ie, take random samples
>
>I thought this is mostly done by removing the bulk of the package
>polymer by grinding, and then subjecting the rest of it to a plasma
>etch.
I believe Marcus Kuhn and Ross Anderson have written about
what can be done in a lab. HNO3 removes epoxy. Grinding
is always useful; specific layers require specific
chemistry.
IBM even has ways to image active junctions through the
back of a working die, using IR cameras.
>I haven't put a processed wafer into nitric acid yet, but I could
>imagine it does horrible things to small structures.
It dissolves some things, leaves others alone. HF is hell
on glass, but leaves Si alone. Etc etc.
Point is, to trust a RNG (or any other circuit), take it
apart. The details are irrelevant.
Someone in the l0pht has been proposing a crypto UL lab;
their hardware division would have to do some chipstripping,
don't you think? How else are you going to verify your hardware?
