PGP source code
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Tue, 4 Sep 2001 23:58:50 +1200 (NZST)
Richard Clayton <richard@demon.net> writes:
>There's a little more in this October 2000 BYTE article:
>
> http://www.byte.com/documents/s=479/BYT20001016S0006/
>
>Although BYTE talks about "checksums", the microcode is signed (I am told on
>excellent authority [though admittedly, my memory may not be as good as the
>authority!]) by a 2048 bit RSA key...
Just thinking out loud here, but this seems rather unlikely. Implementing an
RSA library in the microcode would be an incredible amount of work and waste of
microcode space, and there wouldn't be any real advantage over just using a
MAC, given that the only way to get at the MAC key would require a nontrivial
amount of reverse-engineering effort.
Peter.