[Cryptography] Kindle as crypto hardware

John Gilmore gnu at toad.com
Thu Dec 5 03:37:18 EST 2013


> What I really want from a crypto key management device is that it be
> 
> * Small and light
> * Have processor and display capabilities
> * Be possible to control the operating system build completely
> * Be cheap enough to be a burner machine

Reusing previous generation mass market devices (like a Kindle) is
a good idea.  My suggestion is a Sharp Zaurus.  eBay has them for
$30-80, they run a pretty stock micro Linux from flash or microdrive.
Full chiclet keyboard for passphrases and programming.

Nokia N800 is similar but slightly later.  No keyboard tho.

Main issue is:

> How do you want to transfer your crypto bits? Do you want to use
> network/wifi/serial or usb storage devices; IOW should the device be
> offline or online?

Do you have an existing remote-key-access protocol in mind, that's
supported by any existing software?  What does *that* code expect?

I was thinking you wanted this to keep your keys securely, and
deliver encryption, decryption and signing services on demand,
like a crypto-in-hardware token, but one you could actually trust.
But Phillip's example was to use this as the UI for a secret sharing
application and then destroy it.  And Kent's was as a password locker,
where he'd read passwords from the screen and type them into another
device.  What function are we trying to solve here?

USB-slave or Ethernet are possible bets for high security and high
likelihood of connecting successfully to laptops or desktops.  Wifi is
a bit too open for a crypto protocol, and Bluetooth compatibility is
an oxymoron.  But if you want to provide remote keying material to a
smartphone app, you're stuck with them.

Some Zauruses had PCMCIA slots and you could get a Wifi-G card or even
a 10-Mbit Ethernet card.  Most or all had no networking built-in.
Some had USB slave access.

Nokia N800 had only crappy WiFi (mine dies at random intervals) and
no slots except SD cards.

What ever happened to those old Java-rings or iButtons with the 1-wire
interface?  They were designed for almost exactly this application.
(Touch the ring to a point on a device or wall, it authenticates or
decrypts.  No UI beyond that, except for initial programming.)

	John

