[148362] in cryptography@c2.net mail archive


Re: [Cryptography] Kindle as crypto hardware

daemon@ATHENA.MIT.EDU (Lodewijk andré de l)
Thu Dec 5 11:39:43 2013

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <20131205024618.2157CFDD0@a-pb-sasl-quonix.pobox.com>
From: Lodewijk andré de la porte <l@odewijk.nl>
Date: Thu, 5 Dec 2013 14:37:09 +0100
To: Bill Stewart <bill.stewart@pobox.com>
Cc: cryptography <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

Why not just use a piece of paper? Except if you'd like it to do
calculations for you. In which case you should keep to "something that
stores data and does certain calculations".

Definitely NOT get *nix! That's asking for trouble.

If you take anything more powerful than an Arduino there'll likely be
exploits.

I strongly recommend rolling your own.

Battery + PIC + display (example <https://www.sparkfun.com/products/9363>)
+ keyboard (example <http://www.ebay.com/itm/OEM-Blackberry-Bold-Q10-Qwerty-Keypad-Keyboard-Membrane-Flex-Cable-Replacement-/221329592432?pt=US_Cell_Phone_Replacement_Parts_Tools&hash=item3388459070>)
= 30-40 USD

Only the PIC needs to be disposed of. I'd mount it in a socket, and then
replacing it costs <2USD (depends on the PIC ofc). You could use the PIC's
volatile memory to store data, that way you can destroy your keys easily in
a pickle (just yank the PIC out of its socket). It'd be insanely hard to
retrieve the data after that indeed.

The display and keyboard I picked are both cellphone components. The
display is mounted to a PCB for easy reuse. The keyboard has a flex cable,
which might be a bother. I'm sure you have an old cellphone around, else
you can check any thrift store and reuse a phone they didn't think they'd
ever get rid of anymore. (Those I did visit usually have a bunch in the
back. I even found one that trashed them as "electronics waste", and I
could take a bundle for free!)


If you want to buy a kindle that's fine too. Ebay has a ton of "kindle
keyboard" kindles for about 45 USD. But remember you are not getting nearly
the security you could have gotten. And it's only a tease easier, and a lot
less fun. Maybe the most important thing is that it's totally uncool
compared to a hacked together little device.


2013/12/5 Bill Stewart <bill.stewart@pobox.com>

> At 08:19 AM 12/4/2013, you wrote:
>
>> On Wed, Dec 4, 2013 at 11:02 AM, Theodore Ts'o <tytso@mit.edu> wrote:
>> On Wed, Dec 04, 2013 at 10:40:25AM -0500, Phillip Hallam-Baker wrote:
>> (BTW, my quick pricing of a Raspberry Pi with a display is not cheaper
>> than an Arduino, but your mileage may vary.)
>> The Pi has HDMI out so it can hook into an existing display so depending
>> on the application it is a wash. It also has the random number generator
>> and the operating system boots from SD card which I find more comforting
>> than loading up a black box via USB.
>>
>
> HDMI means you can plug the Pi into a newer television or monitor, if
> you're not paranoid about those, and you can plug in a vanilla USB keyboard.
> There isn't persistent memory on the board; the OS is installed on a
> removable SD flash card, so if you need to shred anything it's the $5 flash.
>
> As much as I like the Arduino for controlling blinky-lights and
> thermostats, it's not the platform you want to use for number-crunching.
> It's an 8-bit CPU running at 20 MHz, so generating ECC keys will take
> unacceptably long.  Spend the extra $10 for the Pi, which is at least a 700
> MHz 32-bit chip.  And don't go buying that NSArrduino clone board, which
> has a chip marked "ATmega328" that's actually an ARM emulation with a radio
> transmitter.
>
> Both CPUs are under $5, and if you're willing to use a serial display, you
> could get one of the few PDIP ARM chips so you can plug the chip into a
> socket and have nothing with memory in it remaining on the board.
>
> But it's probably safe enough and a lot less labor to just get a cheap
> phone or Kindle that already has all the parts.
>
>
> _______________________________________________
> The cryptography mailing list
> cryptography@metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
>
