[Cryptography] Kindle as crypto hardware
John Gilmore
gnu at toad.com
Thu Dec 5 03:37:18 EST 2013
> What I really want from a crypto key management device is that it be
>
> * Small and light
> * Have processor and display capabilities
> * Be possible to control the operating system build completely
> * Be cheap enough to be a burner machine
Reusing previous generation mass market devices (like a Kindle) is
a good idea. My suggestion is a Sharp Zaurus. eBay has them for
$30-80, they run a pretty stock micro Linux from flash or microdrive.
Full chiclet keyboard for passphrases and programming.
Nokia N800 is similar but slightly later. No keyboard tho.
Main issue is:
> How do you want to transfer your crypto bits? Do you want to use
> network/wifi/serial or usb storage devices; IOW should the device be
> offline or online?
Do you have an existing remote-key-access protocol in mind, that's
supported by any existing software? What does *that* code expect?
I was thinking you wanted this to keep your keys securely, and
deliver encryption, decryption and signing services on demand,
like a crypto-in-hardware token, but one you could actually trust.
But Phillip's example was to use this as the UI for a secret sharing
application and then destroy it. And Kent's was as a password locker,
where he'd read passwords from the screen and type them into another
device. What function are we trying to solve here?
USB-slave or Ethernet are possible bets for high security and high
likelihood of connecting successfully to laptops or desktops. Wifi is
a bit too open for a crypto protocol, and Bluetooth compatibility is
an oxymoron. But if you want to provide remote keying material to a
smartphone app, you're stuck with them.
Some Zauruses had PCMCIA slots and you could get a Wifi-G card or even
a 10-Mbit Ethernet card. Most or all had no networking built-in.
Some had USB slave access.
Nokia N800 had only crappy WiFi (mine dies at random intervals) and
no slots except SD cards.
What ever happened to those old Java-rings or iButtons with the 1-wire
interface? They were designed for almost exactly this application.
(Touch the ring to a point on a device or wall, it authenticates or
decrypts. No UI beyond that, except for initial programming.)
John