[148990] in cryptography@c2.net mail archive
Re: [Cryptography] Dumb idea: open-source hardware USB key for
daemon@ATHENA.MIT.EDU (Tom Mitchell)
Sat Jan 11 01:53:03 2014
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <CAAt2M1_91wHYfku=_7QLnXAoP3zbuddYkhKHG_OuQLkULcGsbQ@mail.gmail.com>
Date: Fri, 10 Jan 2014 18:59:06 -0800
From: Tom Mitchell <mitch@niftyegg.com>
To: Cryptography Mailing List <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On Fri, Jan 10, 2014 at 3:57 PM, Natanael <natanael.l@gmail.com> wrote:
> Den 11 jan 2014 00:23 skrev "Bill Cox" <waywardgeek@gmail.com>:
>
>
>>
>> I've been noodling the idea of a USB stick designed in a way that we
>> can trust the crypto that goes on there. It's a hard problem,
....
> You just put your trust in that the FPGA isn't backdoored.
....
An open source project could be a good thing.
The problem is so hard that numerous ideas
need to be researched.
I am still wrestling with the scope of the attack and data
leak at Target(tm). That Target had data that others
could exploit tells me that the security model for commerce
is totally broken.
Looking at my credit card history -- I clearly need 101 different
credit access methods/ credentials and a way to void one
or all of them. To include place a "trap" on them.
Consider the early Target(tm) advice to review ALL transactions
because the small easy to ignore ones could be probes to
validate the data. Any method for tomorrow needs a trap
method that is only an exploit trap not a use trap.
--
T o m M i t c h e l l
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
