On Fri, 2016-05-20 at 17:13 -0700, Steve Calfee wrote:
> A clever attacker would provide a false USB key which is "almost"
> random. This would allow them to decrypt messages based on the false
> key, with nobody else knowing there was a vulnerability. An almost
> random number simplifies
Hi Keith,
On Thu, May 19, 2016 at 9:23 PM, Keith Packard wrote:
> Dave Tian writes:
>
>> I am personally in favor of a TPM-like solution, since we probably
>> couldn’t/shouldn’t disable the firmware update anyway,
>> and we really need a hardware
> On May 19, 2016, at 10:59 PM, Dave Tian wrote:
>
>
>
>> On May 19, 2016, at 8:06 PM, Keith Packard wrote:
>>
>> Oliver Neukum writes:
>>
>>> I think we would need to use a form of public key cryptography
>>> in the same
Oliver Neukum writes:
> I think we would need to use a form of public key cryptography
> in the same manner used to verify authorship of emails. The host
> would provide a nonce value that the device encrypts and returns.
> The host would verify the signature.
We could
Oliver Neukum writes:
> Good point. The logical answer would be to not ship the key. That means
> that users would "format" their chaoskeys and get their private key into
> the kernel by an attribute or ioctl.
Now *there's* a good idea. Ship the firmware and firmware loader
On Thu, 2016-05-19 at 12:52 -0700, Keith Packard wrote:
> Oliver Neukum writes:
>
> > I think we would need to use a form of public key cryptography
> > in the same manner used to verify authorship of emails. The host
> > would provide a nonce value that the device encrypts and
Oliver Neukum writes:
> I think we would need to use a form of public key cryptography
> in the same manner used to verify authorship of emails. The host
> would provide a nonce value that the device encrypts and returns.
> The host would verify the signature.
We're shipping
On Thu, 2016-05-19 at 14:12 -0400, Dave Tian wrote:
> > The Chaoskey device explicitly does not address physical
> > attacks. Assuming physical security makes things a lot easier, and
> > one
> > of the simplifications is that we can assume that any physical
> > device
> > connected to the
Oliver Neukum writes:
> Hi,
>
> I've been going through the drivers with an eye on security.
> And a question arose. How do we know that a device that claims
> to be a chaoskey is really a chaoskey?
A fine question, and one we've thought about extensively.
The Chaoskey device
Hi,
I've been going through the drivers with an eye on security.
And a question arose. How do we know that a device that claims
to be a chaoskey is really a chaoskey?
Regards
Oliver
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a
10 matches
Mail list logo