Re: "The State of Crypto" and simple use protocols
From: Tim Smith (reply_in_group_at_mouse-potato.com)
Date: 12/18/03
- Next message: David Holland: "Quadratic Sieve steps"
- Previous message: Barry Wels: "Re: CryptoPhone source and CryptoPhone for Windows released"
- In reply to: RDJ: ""The State of Crypto" and simple use protocols"
- Next in thread: RDJ: "Re: "The State of Crypto" and simple use protocols"
- Reply: RDJ: "Re: "The State of Crypto" and simple use protocols"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 18 Dec 2003 20:45:05 GMT
In article <0312181143220.10779328.ramanujan@outbound>, RDJ wrote:
> first use protocol:
> 1. insert config floppy, boot from CD-ROM, unplugged from ethernet.
> 2. configure IP info, generate server host keys.
> 3. save configuration to config floppy1, remove.
> 4. insert local user key floppy, generate local user crypto keys, save to floppy2, remove.

Many people are now building computers without floppy drives. It would make
more sense to use one of those cute little USB flash drives.
...
> The reason for all of these separate floppies is that software seems much
> less trustworthy than crypto right now. Set floppy1,2,3 read-only after
> first write, combine with a CD-ROM boot, be careful about when you're
> plugged into ethernet, and it seems to me that you've greatly minimized
> your risk, excepting a tampered BIOS/floppy drive/hardware keystroke
> logger/other exotica. I think these protocols minimize risk that anyone

I don't see a need for unplugging from the ethernet. You are implicitly
assuming the CD disc is safe, so the only risk of ethernet is that someone
has tampered with the machine in some way that lets it send stuff out the
ethernet without the knowledge of the OS the CD boots. People able to get
to your computer and tamper at that level of sophistication can figure out
how to also put in some place to store the information until the ethernet
gets plugged in again, so you haven't really stopped them by unplugging the
ethernet.
...
> I'd appreciate any comments or objections.

Long lines annoy people.

-- 
Evidence Eliminator is worthless. See evidence-eliminator-sucks.com
--Tim Smith