Re: question on trust in chaoskey

2016-05-20 Thread Oliver Neukum
On Fri, 2016-05-20 at 17:13 -0700, Steve Calfee wrote: > A clever attacker would provide a false USB key which is "almost" > random. This would allow them to decrypt messages based on the false > key, with nobody else knowing there was a vulnerability. An almost > random number simplifies

Re: question on trust in chaoskey

2016-05-20 Thread Steve Calfee
Hi Keith, On Thu, May 19, 2016 at 9:23 PM, Keith Packard wrote: > Dave Tian writes: > >> I am personally in favor of a TPM-like solution, since we probably >> couldn’t/shouldn’t disable the firmware update anyway, >> and we really need a hardware

Re: question on trust in chaoskey

2016-05-19 Thread Dave Tian
> On May 19, 2016, at 10:59 PM, Dave Tian wrote: > > > >> On May 19, 2016, at 8:06 PM, Keith Packard wrote: >> >> Oliver Neukum writes: >> >>> I think we would need to use a form of public key cryptography >>> in the same

Re: question on trust in chaoskey

2016-05-19 Thread Keith Packard
Oliver Neukum writes: > I think we would need to use a form of public key cryptography > in the same manner used to verify authorship of emails. The host > would provide a nonce value that the device encrypts and returns. > The host would verify the signature. We could

Re: question on trust in chaoskey

2016-05-19 Thread Keith Packard
Oliver Neukum writes: > Good point. The logical answer would be to not ship the key. That means > that users would "format" their chaoskeys and get their private key into > the kernel by an attribute or ioctl. Now *there's* a good idea. Ship the firmware and firmware loader

Re: question on trust in chaoskey

2016-05-19 Thread Oliver Neukum
On Thu, 2016-05-19 at 12:52 -0700, Keith Packard wrote: > Oliver Neukum writes: > > > I think we would need to use a form of public key cryptography > > in the same manner used to verify authorship of emails. The host > > would provide a nonce value that the device encrypts and

Re: question on trust in chaoskey

2016-05-19 Thread Keith Packard
Oliver Neukum writes: > I think we would need to use a form of public key cryptography > in the same manner used to verify authorship of emails. The host > would provide a nonce value that the device encrypts and returns. > The host would verify the signature. We're shipping

Re: question on trust in chaoskey

2016-05-19 Thread Oliver Neukum
On Thu, 2016-05-19 at 14:12 -0400, Dave Tian wrote: > > The Chaoskey device explicitly does not address physical > > attacks. Assuming physical security makes things a lot easier, and > > one > > of the simplifications is that we can assume that any physical > > device > > connected to the

Re: question on trust in chaoskey

2016-05-19 Thread Keith Packard
Oliver Neukum writes: > Hi, > > I've been going through the drivers with an eye on security. > And a question arose. How do we know that a device that claims > to be a chaoskey is really a chaoskey? A fine question, and one we've thought about extensively. The Chaoskey device

question on trust in chaoskey

2016-05-19 Thread Oliver Neukum
Hi, I've been going through the drivers with an eye on security. And a question arose. How do we know that a device that claims to be a chaoskey is really a chaoskey? Regards Oliver -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a