[148342] in cryptography@c2.net mail archive
Re: [Cryptography] Kindle as crypto hardware
daemon@ATHENA.MIT.EDU (Phillip Hallam-Baker)
Wed Dec 4 13:24:03 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <CA+cU71kXstcY2tDRNZig5ahipPW_zN5OepaAfUguwXBTJp+sPA@mail.gmail.com>
Date: Wed, 4 Dec 2013 09:46:43 -0500
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Tom Ritter <tom@ritter.vg>
Cc: Taral <taralx@gmail.com>,
"cryptography@metzdowd.com" <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
--===============6775922529486659520==
Content-Type: multipart/alternative; boundary=047d7b5d57104b29d104ecb67bc4
--047d7b5d57104b29d104ecb67bc4
Content-Type: text/plain; charset=ISO-8859-1
On Wed, Dec 4, 2013 at 8:56 AM, Tom Ritter <tom@ritter.vg> wrote:
> On 4 December 2013 00:57, Taral <taralx@gmail.com> wrote:
>
>> On Tue, Dec 3, 2013 at 8:39 PM, Phillip Hallam-Baker <hallam@gmail.com>
>> wrote:
>> > What I really want from a crypto key management device is that it be
>> >
>> > * Small and light
>> > * Have processor and display capabilities
>> > * Be possible to control the operating system build completely
>> > * Be cheap enough to be a burner machine
>>
>> Does it need to be resistant to physical attack?
>>
>
> Yes, I would add Tamper Evident. I don't want to carry a key management
> device everywhere. It _might_ be feasible if it was one of those stub usbs
> that are as small as the plug itself... but there goes the display.
>
> The question is, can tamper evident be grafted _onto_ a kindle easily and
> reliably? Nearly all forms of tamper evidence have fallen to Defcon's
> Tamper Evident contest. That doesn't mean they're worthless, because they
> increase attacker cost, but they can't be relied on fully.
>
> -tom
>
I stick stuff in a tamper evident bag. They are pretty cheap as the police
use them for evidence.
Even pro gear is not particularly tamper evident. I have had a safekeyper
apart and could probably do it again without loss of the keys now that I
know the position of the switch.
What is really desirable is to have the hardware zero itself if there is an
attempt to tamper with it. But that is not something I think is feasible
for any hardware that is not expensively purpose built.
--
Website: http://hallambaker.com/
--047d7b5d57104b29d104ecb67bc4
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><br><div class=3D"gmail_extra"><br><br><div class=3D"gmail=
_quote">On Wed, Dec 4, 2013 at 8:56 AM, Tom Ritter <span dir=3D"ltr"><<a=
href=3D"mailto:tom@ritter.vg" target=3D"_blank">tom@ritter.vg</a>></spa=
n> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex"><div dir=3D"ltr"><div class=3D"gmail_extra">=
<div class=3D"gmail_quote"><div><div class=3D"h5">On 4 December 2013 00:57,=
Taral <span dir=3D"ltr"><<a href=3D"mailto:taralx@gmail.com" target=3D"=
_blank">taralx@gmail.com</a>></span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">
<div>On Tue, Dec 3, 2013 at 8:39 PM, Phillip Hallam-Baker <<a href=3D"ma=
ilto:hallam@gmail.com" target=3D"_blank">hallam@gmail.com</a>> wrote:<br=
>
> What I really want from a crypto key management device is that it be<b=
r>
><br>
> * Small and light<br>
> * Have processor and display capabilities<br>
> * Be possible to control the operating system build completely<br>
> * Be cheap enough to be a burner machine<br>
<br>
</div>Does it need to be resistant to physical attack?<br></blockquote><div=
><br></div></div></div><div>Yes, I would add Tamper Evident. =A0I don't=
want to carry a key management device everywhere. =A0It _might_ be feasibl=
e if it was one of those stub usbs that are as small as the plug itself... =
but there goes the display.</div>
<div><br></div><div>The question is, can tamper evident be grafted _onto_ a=
kindle easily and reliably? =A0Nearly all forms of tamper evidence have fa=
llen to Defcon's Tamper Evident contest. =A0That doesn't mean they&=
#39;re worthless, because they increase attacker cost, but they can't b=
e relied on fully.</div>
<span class=3D"HOEnZb"><font color=3D"#888888">
<div><br></div><div>-tom</div></font></span></div></div></div>
</blockquote></div><div class=3D"gmail_extra"><br></div>I stick stuff in a =
tamper evident bag. They are pretty cheap as the police use them for eviden=
ce.</div><div class=3D"gmail_extra"><br></div><div class=3D"gmail_extra">Ev=
en pro gear is not particularly tamper evident. I have had a safekeyper apa=
rt and could probably do it again without loss of the keys now that I know =
the position of the switch.</div>
<div class=3D"gmail_extra"><br></div><div class=3D"gmail_extra"><br>What is=
really desirable is to have the hardware zero itself if there is an attemp=
t to tamper with it. But that is not something I think is feasible for any =
hardware that is not expensively purpose built.<br clear=3D"all">
<div><br></div>-- <br>Website: <a href=3D"http://hallambaker.com/">http://h=
allambaker.com/</a><br>
</div></div>
--047d7b5d57104b29d104ecb67bc4--
--===============6775922529486659520==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============6775922529486659520==--
