[Cryptography] Kindle as crypto hardware

[Kent Borg]

On 12/03/2013 11:39 PM, Phillip Hallam-Baker wrote:
> What I really want from a crypto key management device is that it be
>
> * Small and light
> * Have processor and display capabilities
> * Be possible to control the operating system build completely
> * Be cheap enough to be a burner machine

I recently bought a crazy cheap Android phone from a company in China 
(Hong Kong?): geekbuying.com

The phone I bought has since fallen to under a $100.

It came with only the open source apps that are part of Android (no 
maps, for example, which is fine with me) and only a couple other custom 
apps, I have installed very little more, and with the radios off, it 
looks like I have over a month of idle battery life.  Even this is only 
charging the battery to 90% to try to conserve its total life span.

I have never put a SIM in either of its dual slots. I have never 
directly connected it to the internet.  (This policy was before Snowden 
and Schneier stuff publicized such precautions, but it made sense to me.)

Unfortunately, when I counted the number of different passwords I have 
to enter to sync and back up its data, it is a lot, too many for a 
civilian.  But the result is I don't think it is the weak link in my 
password scheme.

To use it requires my entering a longish password to unlock the phone 
and another longish password to decrypt the key database. This is 
cumbersome on a little screen, but it is portable, much smaller than a 
Kindle, and the smaller screen is probably more suited to use in public. 
I added it to the bag I use as a purse and have with me mostly always. 
I don't have full control over its software, but one likely could for a 
lot less effort than breaking into a Kindle.  (The manufacturer likely 
isn't going to fight you as Amazon would.)  Instead I rely on keeping it 
mostly incommunicado.

Aren't there some explicitly open source phones finally popping up? They 
might be a cleaner starting point.

-kb