<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Dec 4, 2013 at 11:02 AM, Theodore Ts'o <span dir="ltr"><<a href="mailto:tytso@mit.edu" target="_blank">tytso@mit.edu</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">On Wed, Dec 04, 2013 at 10:40:25AM -0500, Phillip Hallam-Baker wrote:<br><br></div></blockquote><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
(BTW, my quick pricing of a Rasberry Pi with a display is not cheaper<br>
than an Arduino, but your milage may vary.)</blockquote><div><br></div><div>The Pi has HDMI out so it can hook into an existing display so depending on the application it is a wash. It also has the random number generator and the operating system boots from SD card which I find more comforting than loading up a black box via USB.</div>
<div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im"><br>
</div>One other nice thing about using your own kit version is that it's<br>
simpler to do certified distruction of only the components that might<br>
contain keying information, and be able to reuse the rest. It's also<br>
probably easier to create a tamper-proof enclusure with an Arduino<br>
style device compared to using a Kindle.<br></blockquote><div><br></div><div>Yes, there are some applications for which this is essential. Generating EC curves for example.</div><div><br></div><div>But as I showed in a previous post, there are techniques that we can use that allow us to audit the operation of a device without performing a full code audit.</div>
<div><br></div><div>Basically we use that NSA DUAL_EC_DRNG with a backdoor for the purpose it was probably originally designed which is to enable the devices to be audited by making their behavior deterministic.</div><div>
<br></div><div><br></div><div>So I don't dispute that we will want to use Arduino or Pi class hardware for some purposes. But there are other options available as well.</div></div><div><br></div>-- <br>Website: <a href="http://hallambaker.com/">http://hallambaker.com/</a><br>
</div></div>