<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	>
<channel>
	<title>Comments on: S.NSA - Cardano pricing, other statements</title>
	<atom:link href="http://trilema.com/2013/snsa-cardano-pricing-other-statements/feed/" rel="self" type="application/rss+xml" />
	<link>http://trilema.com/2013/snsa-cardano-pricing-other-statements/</link>
	<description>Moving targets for a fast crowd.</description>
	<pubDate>Fri, 24 Apr 2026 11:39:59 +0000</pubDate>
	<generator>http://polimedia.us</generator>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
		<item>
		<title>By: S.NSA, October 2013 Statement (1) on Trilema - A blog by Mircea Popescu.</title>
		<link>http://trilema.com/2013/snsa-cardano-pricing-other-statements/#comment-139503</link>
		<dc:creator>S.NSA, October 2013 Statement (1) on Trilema - A blog by Mircea Popescu.</dc:creator>
		<pubDate>Tue, 07 Jan 2020 00:04:51 +0000</pubDate>
		<guid isPermaLink="false">http://trilema.com/?p=50433#comment-139503</guid>
		<description>[...] announced previously. Contract at comment #1. This fee represents the production of 100 pcs, further charges will be [...]</description>
		<content:encoded><![CDATA[<p>[...] announced previously. Contract at comment #1. This fee represents the production of 100 pcs, further charges will be [...]</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: This Secure Email Problem &#171; Bingology - BingoBoingo's Blog</title>
		<link>http://trilema.com/2013/snsa-cardano-pricing-other-statements/#comment-130418</link>
		<dc:creator>This Secure Email Problem &#171; Bingology - BingoBoingo's Blog</dc:creator>
		<pubDate>Thu, 01 Aug 2019 02:15:37 +0000</pubDate>
		<guid isPermaLink="false">http://trilema.com/?p=50433#comment-130418</guid>
		<description>[...] the email privacy problem. The group getting less attention is smaller and still very intelligent No Such lAbs team which has a announced pricing and other details on a hardware tool for handling th.... What are we to think of the two [...]</description>
		<content:encoded><![CDATA[<p>[...] the email privacy problem. The group getting less attention is smaller and still very intelligent No Such lAbs team which has a announced pricing and other details on a hardware tool for handling th.... What are we to think of the two [...]</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Mike the goat</title>
		<link>http://trilema.com/2013/snsa-cardano-pricing-other-statements/#comment-95863</link>
		<dc:creator>Mike the goat</dc:creator>
		<pubDate>Sat, 02 Nov 2013 08:51:15 +0000</pubDate>
		<guid isPermaLink="false">http://trilema.com/?p=50433#comment-95863</guid>
		<description>Stanislav: re "boojums" - makes sense that you'd want to avoid, say, power analysis being used on the device amongst other things if you were to rely on USB bus power.

re RNG - yes, we've had this conversation before on schneier.com. You know my feelings about "black box" RNGs like Intel RDRAND where verification (at least for the average electronics shop engineer) is impossible. Good choice.

re sealing the device - I would assume those buying the device will have their own ideas about how to secure it. Obviously the best thing is to ensure that the damn thing is never allowed to get into a situation where it could potentially fall into the hands of an adversary (without first being cleared).

re the host PC being aware it's a security device - no doubt if the Cardano becomes popular an evil OS could look for a mass storage device that conforms to your spec (i.e. is FAT16, reports whatever size you decided upon, etc). I guess if your OS has been subverted then it is game over on many different fronts.

.. Which brings us to the PC architecture and how much it stinks. Got a free afternoon?!!! ;-)</description>
		<content:encoded><![CDATA[<p>Stanislav: re "boojums" - makes sense that you'd want to avoid, say, power analysis being used on the device amongst other things if you were to rely on USB bus power.</p>
<p>re RNG - yes, we've had this conversation before on schneier.com. You know my feelings about "black box" RNGs like Intel RDRAND where verification (at least for the average electronics shop engineer) is impossible. Good choice.</p>
<p>re sealing the device - I would assume those buying the device will have their own ideas about how to secure it. Obviously the best thing is to ensure that the damn thing is never allowed to get into a situation where it could potentially fall into the hands of an adversary (without first being cleared).</p>
<p>re the host PC being aware it's a security device - no doubt if the Cardano becomes popular an evil OS could look for a mass storage device that conforms to your spec (i.e. is FAT16, reports whatever size you decided upon, etc). I guess if your OS has been subverted then it is game over on many different fronts.</p>
<p>.. Which brings us to the PC architecture and how much it stinks. Got a free afternoon?!!! ;-)</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Stanislav Datskovskiy</title>
		<link>http://trilema.com/2013/snsa-cardano-pricing-other-statements/#comment-95859</link>
		<dc:creator>Stanislav Datskovskiy</dc:creator>
		<pubDate>Fri, 01 Nov 2013 16:33:55 +0000</pubDate>
		<guid isPermaLink="false">http://trilema.com/?p=50433#comment-95859</guid>
		<description>Mike the goat,

The battery is used for *all* operations involving the private key. In fact, the RSA key ROM receives power only when the device is running from the battery. This eliminates a whole host of potential boojums.

At any rate, if you want to seal your unit in a glass ampule, you're welcome to do so yourself. At the target price point, such luxuries are out of the question.</description>
		<content:encoded><![CDATA[<p>Mike the goat,</p>
<p>The battery is used for *all* operations involving the private key. In fact, the RSA key ROM receives power only when the device is running from the battery. This eliminates a whole host of potential boojums.</p>
<p>At any rate, if you want to seal your unit in a glass ampule, you're welcome to do so yourself. At the target price point, such luxuries are out of the question.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Stanislav Datskovskiy</title>
		<link>http://trilema.com/2013/snsa-cardano-pricing-other-statements/#comment-95858</link>
		<dc:creator>Stanislav Datskovskiy</dc:creator>
		<pubDate>Fri, 01 Nov 2013 15:32:41 +0000</pubDate>
		<guid isPermaLink="false">http://trilema.com/?p=50433#comment-95858</guid>
		<description>Mike the goat,

Even if you disregard the (abundant) design flaws of the existing smartcards, there remain two basic problems: 1) The host PC is aware of the fact of a purpose-built piece of cryptographic hardware being plugged in. That is to say, a big fat bull's eye for a compromised OS to shoot into. 2) The owner's ability to verify that a smartcard "does what it says on the box" - unless he has an electron microscope, ion beam workstation, and abundant spare time - is effectively nil.

#2 applies to any and all systems where an RNG is contained on chip. That is a dead end from the very beginning. A proper TRNG must consist of discrete, commonly-available components, whose function can be verified with: sharp eyes, and basic electrical test instruments - oscilloscope, logic analyzer, software of your own design connected to either.</description>
		<content:encoded><![CDATA[<p>Mike the goat,</p>
<p>Even if you disregard the (abundant) design flaws of the existing smartcards, there remain two basic problems: 1) The host PC is aware of the fact of a purpose-built piece of cryptographic hardware being plugged in. That is to say, a big fat bull's eye for a compromised OS to shoot into. 2) The owner's ability to verify that a smartcard "does what it says on the box" - unless he has an electron microscope, ion beam workstation, and abundant spare time - is effectively nil.</p>
<p>#2 applies to any and all systems where an RNG is contained on chip. That is a dead end from the very beginning. A proper TRNG must consist of discrete, commonly-available components, whose function can be verified with: sharp eyes, and basic electrical test instruments - oscilloscope, logic analyzer, software of your own design connected to either.</p>
]]></content:encoded>
	</item>
</channel>
</rss>
