[Cryptography] Kindle as crypto hardware
Lodewijk andré de la porte
l at odewijk.nl
Thu Dec 5 08:37:09 EST 2013
Why not just use a piece of paper? Except if you'd like it to do
calculations for you. In which case you should keep to "something that
stores data and does certain calculations".
Definitely NOT get *nix! That's asking for trouble.
If you take anything morepowerfull than an Arduino there'll likely be
exploits.
I strongly recommand rolling your own.
Battery + PIC + display (example <https://www.sparkfun.com/products/9363>)
+ keyboard (example<http://www.ebay.com/itm/OEM-Blackberry-Bold-Q10-Qwerty-Keypad-Keyboard-Membrane-Flex-Cable-Replacement-/221329592432?pt=US_Cell_Phone_Replacement_Parts_Tools&hash=item3388459070>)
= 30-40 USD
Only the PIC needs to be disposed of. I'd mount it in a socket, and then
replacing it costs <2USD (depends on the PIC ofc). You could use the PIC's
volatile memory to store data, that way you can destroy your keys easily in
a pickle (just yank the PIC out of it's socket). It'd be insanely hard to
retrieve the data after that indeed.
The display and keyboard I picked are both cellphone components. The
display mounted to a PCB for easy reuse. The keyboard has a flex cable,
which might be a bother. I'm sure you have an old cellphone around, else
you can check any thrift store and reuse a phone they didn't think they'd
ever get rid off anymore. (those I did visit usually have a bunch in the
back. I even found one that trashed them as "electronics waste", and I
could take a bundle for free!)
If you want to buy a kindle that's fine too. Ebay has a ton of "kindle
keyboard" kindles for about 45 USD. But remember you are not getting nearly
the security you could have gotten. And it's only a tease easier, and a lot
less fun. Maybe the most important thing is that it's totally uncool
compared to a hacked together little device.
2013/12/5 Bill Stewart <bill.stewart at pobox.com>
> At 08:19 AM 12/4/2013, you wrote:
>
> On Wed, Dec 4, 2013 at 11:02 AM, Theodore Ts'o <<mailto:tytso at mit.edu>
>> tytso at mit.edu> wrote:
>> On Wed, Dec 04, 2013 at 10:40:25AM -0500, Phillip Hallam-Baker wrote:
>> (BTW, my quick pricing of a Rasberry Pi with a display is not cheaper
>> than an Arduino, but your milage may vary.)
>> The Pi has HDMI out so it can hook into an existing display so depending
>> on the application it is a wash. It also has the random number generator
>> and the operating system boots from SD card which I find more comforting
>> than loading up a black box via USB.
>>
>
> HDMI means you can plug the Pi into a newer television or monitor, if
> you're not paranoid about those, and you can plug in a vanilla USB keyboard.
> There isn't persistent memory on the board; the OS is installed on a
> removable SD flash card, so if you need to shred anything it's the $5 flash.
>
> As much as I like the Arduino for controlling blinky-lights and
> thermostats, it's not the platform you want to use for number-crunching.
> It's an 8-bit CPU running at 20 MHz, so generating ECC keys will take
> unacceptably long. Spend the extra $10 for the Pi, which is at least a 700
> MHz 32-bit chip. And don't go buying that NSArrduino clone board, which
> has a chip marked "ATmega328" that's actually an ARM emulation with a radio
> transmitter.
>
> Both CPUs are under $5, and if you're willing to use a serial display, you
> could get one of the few PDIP ARM chips so you can plug the chip into a
> socket and have nothing with memory in it remaining on the board.
>
> But it's probably safe enough and a lot less labor to just get a cheap
> phone or Kindle that already has all the parts.
>
>
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20131205/15b04034/attachment.html>
More information about the cryptography
mailing list