[148999] in cryptography@c2.net mail archive
Re: [Cryptography] Dumb idea: open-source hardware USB key for
daemon@ATHENA.MIT.EDU (Owen Shepherd)
Sat Jan 11 19:10:56 2014
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <CAOLP8p6827Yj8r+f_qVQWnhN2ngKBeiRUe8_0peB5GRB3x8A6Q@mail.gmail.com>
Date: Sun, 12 Jan 2014 00:07:05 +0000
From: Owen Shepherd <owen.shepherd@e43.eu>
To: Bill Cox <waywardgeek@gmail.com>
Cc: Cryptography Mailing List <cryptography@metzdowd.com>,
Natanael <natanael.l@gmail.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
My initial consideration, as an open hardware design, wasn't something for
somebody to just go out and buy.

If that's what you want, there are hundreds of PKCS#11 smart cards out
there. They're not going to be any less provably secure than a USB stick you
buy from somebody.

The assumption is that you would at most buy it as a pre-soldered kit, hook
up a programmer, and program and lock it yourself, and finally epoxy it
yourself. Then you know the code is not tampered with.

I can't see a way to make this kind of thing at least equally provably
secure which doesn't involve some form of programming apparatus,
unfortunately.

Owen Shepherd
http://owenshepherd.net | owen.shepherd@e43.eu

On 12 January 2014 00:01, Bill Cox <waywardgeek@gmail.com> wrote:
> A keypad and display would be great, but for users who just want to
> carry it in their pockets, a USB stick form-factor would be
> preferable. I personally was thinking that I would have a Raspberry
> Pi based system with keyboard and display that was isolated from the
> Internet to help me generate keys, but of course average users would
> plug them into their Windows machines, and who knows who's watching
> them type passwords in that case.
>
> Your preference for epoxy encased circuits, and read-protected
> microcontrollers is interesting. That's one way to go, but I'm more
> worried that our USB sticks will be subverted somewhere along the
> build chain, so my preference is to make it easy to read out the
> programming information and to be able to probe the internal signals.
> You probably are right that in reality users would never bother with
> such authentication, which is why I would like to see a volunteer
> group of people who do bother to prove that most of these USB keys are
> safe.
>
> But you are right that my version makes it easy for an attacker to
> steal my USB key and read out the keys...
>
> It's a tough problem...
>
> Bill
>
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography