[148349] in cryptography@c2.net mail archive
Re: [Cryptography] Kindle as crypto hardware
daemon@ATHENA.MIT.EDU (Kent Borg)
Wed Dec 4 13:29:23 2013
X-Original-To: cryptography@metzdowd.com
Date: Wed, 04 Dec 2013 09:03:31 -0500
From: Kent Borg <kentborg@borg.org>
To: Phillip Hallam-Baker <hallam@gmail.com>,
"cryptography@metzdowd.com" <cryptography@metzdowd.com>
In-Reply-To: <CAMm+LwghpHz6Wy6AMVTqUednC_FA-T-6+DRvmVH=0BzEVmQPew@mail.gmail.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 12/03/2013 11:39 PM, Phillip Hallam-Baker wrote:
> What I really want from a crypto key management device is that it be
>
> * Small and light
> * Have processor and display capabilities
> * Be possible to control the operating system build completely
> * Be cheap enough to be a burner machine
I recently bought a crazy cheap Android phone from a company in China
(Hong Kong?): geekbuying.com
The phone I bought has since fallen to under a $100.
It came with only the open source apps that are part of Android (no
maps, for example, which is fine with me) and only a couple other custom
apps, I have installed very little more, and with the radios off, it
looks like I have over a month of idle battery life. Even this is only
charging the battery to 90% to try to conserve its total life span.
I have never put a SIM in either of its dual slots. I have never
directly connected it to the internet. (This policy was before Snowden
and Schneier stuff publicized such precautions, but it made sense to me.)
Unfortunately, when I counted the number of different passwords I have
to enter to sync and back up its data, it is a lot, too many for a
civilian. But the result is I don't think it is the weak link in my
password scheme.
To use it requires my entering a longish password to unlock the phone
and another longish password to decrypt the key database. This is
cumbersome on a little screen, but it is portable, much smaller than a
Kindle, and the smaller screen is probably more suited to use in public.
I added it to the bag I use as a purse and have with me mostly always.
I don't have full control over its software, but one likely could for a
lot less effort than breaking into a Kindle. (The manufacturer likely
isn't going to fight you as Amazon would.) Instead I rely on keeping it
mostly incommunicado.
Aren't there some explicitly open source phones finally popping up? They
might be a cleaner starting point.
-kb
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography