>> Why are you eliminating the idea of a real "one-time pad"?
>> That is an integral part of the security.
>
>You mean a secret key as long as the application program?
>Because that would double the size of the application program
>memory. IMHO that price is too high. And it's not a one-time
>pad anyway, unless you want to update only once.

Another possibility may be some CRC or hash of the code already in the chip,
which means any update would have to be applied in correct order, requiring
any previous updates as well. There may already be code in the chip to
obtain this hash on start-up, as part of the reset checking.

Another possibility that I have not seen proposed is some means of error
correcting code being used, with deliberate errors in the downloaded code
being corrected once it is inside the chip. This could mean that code could
be mangled to look like a processor from manufacturer A, when it really is a
processor from manufacturer B. It would take some thinking about how to do
it, and would involve a fair amount of error correcting CRC on each
download, but may still be do-able.

_______________________________________________
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist