Re: [Arm-netbook] hardware encrypted flash drive idea with gpl3 license
On 09/21/2017 01:10 AM, Luke Kenneth Casson Leighton wrote: ...snip... > baiscally what i'm saying, with this story is: the tricky part will > not be the software at all: the tricky bit will be getting a processor > into a tamper-resistant, tamper-detecting box. > I can't vouch for them, but ISTR a project on Crowd Supply to produce a USB password storage device. Been too long to recall how well it meets the criteria for real security. OT: I've recently gotten back to reading the list after all the list emails got sent to spam for a while. Tor -- Tor Chantara http://www.fineartmarquetry.com/ 808-828-1107 GPG Key: 2BE1 426E 34EA D253 D583 9DE4 B866 0375 134B 48FB *Be wary of unsigned emails* ___ arm-netbook mailing list arm-netbook@lists.phcomp.co.uk http://lists.phcomp.co.uk/mailman/listinfo/arm-netbook Send large attachments to arm-netb...@files.phcomp.co.uk
Re: [Arm-netbook] hardware encrypted flash drive idea with gpl3 license
On Thu, Sep 21, 2017 at 11:16 AM, Philip Handswrote: > Most of the time, what you're calling hardware is liable to just be > software running on a different processor, perhaps in a box that has > been glued shut such that it's less convenient for bugs to be found, > fixed and patched. glued shut, electric fences added which electrocute the user, or run the instruction "HCF" [Halt and Catch Fire. mythical iinstruction which was supposed to be in the 68000 or perhaps the 8086, but was actually down to running a loop of instructions that flipped IO and internal logic so hard that the processor overheated). :) the latest freescale has an on-board Cortex M0 i think it is, which is ultra-low-power enough to run permanently on battery, so you can do tamper-detection. you'll like this: when i was working for NC3A i was asked to help with a little ethernet network box that transferred data from a low-security environment to a high-security one. the rule was simple: absolutely no physical connection, and absolutely no data must travel - ever from the high security level to the low security one. that *includes* ICMP packet responses which are normally used to acknowledge and set up even a *UDP* connection. so somebody wrote a *modified* TCP stack which took out the need for ICMP traffic... but it went way waaay further than that. the metal box was implemented as an ultra-low power receiver / transmitter pair, with a metal firebreak and a tiny hole between for the radio signal to get through on a Coax cable (so that there was no data leakage by emitted radio waves). power was SEPARATELY provided on both sides of the box. then when it was confirmed 100% working, the ENTIRE BOX WAS FLOODED WITH RESIN. bit of a heat problem, that baiscally what i'm saying, with this story is: the tricky part will not be the software at all: the tricky bit will be getting a processor into a tamper-resistant, tamper-detecting box. l. ___ arm-netbook mailing list arm-netbook@lists.phcomp.co.uk http://lists.phcomp.co.uk/mailman/listinfo/arm-netbook Send large attachments to arm-netb...@files.phcomp.co.uk
Re: [Arm-netbook] hardware encrypted flash drive idea with gpl3 license
zapwrites: ... > also, hardware encryption is far stronger than software encryption. Faster (potentially), maybe less open to side-channel attacks (if properly designed), but I see no reason that the same algorithm implemented in silicon would be any "stronger" than if it were in software. Most of the time, what you're calling hardware is liable to just be software running on a different processor, perhaps in a box that has been glued shut such that it's less convenient for bugs to be found, fixed and patched. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY ___ arm-netbook mailing list arm-netbook@lists.phcomp.co.uk http://lists.phcomp.co.uk/mailman/listinfo/arm-netbook Send large attachments to arm-netb...@files.phcomp.co.uk
Re: [Arm-netbook] hardware encrypted flash drive idea with gpl3 license
On 09/20/2017 04:14 PM, Christopher Havel wrote: > Forgive my inevitable naivety with regard to this sort of thing, but can't > gparted create encrypted partitions, and why wouldn't that be secure > enough...? My understanding is that it still takes a few hundred years to > crack AES encryption with a standard PC... and the average criminals who > are likely to blackmail you, I can't imagine they're well funded enough to > buy a supercomputer sufficient to pop the lid on those things in a > reasonably timely fashion. You could be right, but It would be a good thing for those who lose things they don't want others to access. also, hardware encryption is far stronger than software encryption. > > Of course, if you piss off the Russian Mob, that's different, at least > potentially... but that's also a comparatively pretty rare circumstance, > I'd think. > ___ > arm-netbook mailing list arm-netbook@lists.phcomp.co.uk > http://lists.phcomp.co.uk/mailman/listinfo/arm-netbook > Send large attachments to arm-netb...@files.phcomp.co.uk ___ arm-netbook mailing list arm-netbook@lists.phcomp.co.uk http://lists.phcomp.co.uk/mailman/listinfo/arm-netbook Send large attachments to arm-netb...@files.phcomp.co.uk
Re: [Arm-netbook] hardware encrypted flash drive idea with gpl3 license
The hover text is pretty much my position on the subject -- although I've been informed that it's a rather obsolescent conclusion. (...to which my response almost always is, "I'm sorry, sir/madam/etc, but I'm all out of kitchen foil." ;) ) ___ arm-netbook mailing list arm-netbook@lists.phcomp.co.uk http://lists.phcomp.co.uk/mailman/listinfo/arm-netbook Send large attachments to arm-netb...@files.phcomp.co.uk
Re: [Arm-netbook] hardware encrypted flash drive idea with gpl3 license
Christopher Havelwrites: > Forgive my inevitable naivety with regard to this sort of thing, but can't > gparted create encrypted partitions, and why wouldn't that be secure > enough...? My understanding is that it still takes a few hundred years to > crack AES encryption with a standard PC... and the average criminals who > are likely to blackmail you, I can't imagine they're well funded enough to > buy a supercomputer sufficient to pop the lid on those things in a > reasonably timely fashion. > > Of course, if you piss off the Russian Mob, that's different, at least > potentially... but that's also a comparatively pretty rare circumstance, > I'd think. Obligatory XKCD: https://www.xkcd.com/538/ ;-) Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY ___ arm-netbook mailing list arm-netbook@lists.phcomp.co.uk http://lists.phcomp.co.uk/mailman/listinfo/arm-netbook Send large attachments to arm-netb...@files.phcomp.co.uk