On 11/10/17 04:49, Robert J. Hansen wrote: > The assumption was the web server was compromised: given that, how > can you be absolutely sure there's no communication channel back to > the trusted tabulator?
Ah, this isn't about corrupting data on the line, about getting wrong data in what is the correct direction. This is about ensuring that a simplex link is really a simplex link. It's about data not going in the wrong direction. Furthermore, it is a simplex link from a trusted to an untrusted system. Whereas the OP was talking about wanting to transfer data from an untrusted to a trusted system. Our frames of reference were different: I was actually mostly thinking about a duplex system, which if needed could be reduced to simplex, in which case it would be the other way around than your use-case. I never considered the scenario where the trusted system was already compromised and you need to make sure it is completely deaf and blind so an attacker can't influence it in real time. > We didn't need a fast link from the tabulator to the web server: we > needed a slow and absolutely, positively, definitively one-way link. I'm sure you're aware of this, but I think it's useful to point out since this is a public mailing list :-). If your attacker can get physically somewhat close to your tabulator, there are RF and powerline attacks to consider as well... if you don't trust the IC's in the tabulator, that can get tricky. The disadvantage for your attacker is lack of economy of scale: an attack through internet can be done from your home to anywhere on the planet. If you need to be in the vicinity of your target, you lose that. Cheers, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users