[Cryptography] Dumb idea: open-source hardware USB key for crypto
Tom Mitchell
mitch at niftyegg.com
Fri Jan 10 21:59:06 EST 2014
On Fri, Jan 10, 2014 at 3:57 PM, Natanael <natanael.l at gmail.com> wrote:
> Den 11 jan 2014 00:23 skrev "Bill Cox" <waywardgeek at gmail.com>:
>
>
>>
>> I've been noodling the idea of a USB stick designed in a way that we
>> can trust the crypto that goes on there. It's a hard problem,
....
> You just put your trust in that the FPGA isn't backdoored.
....
An open source project could be a good thing.
The problem is so hard that numerous ideas
need to be researched.
I am still wrestling with the scope of the attack and data
leak at Target(tm). That Target had data that others
could exploit tells me that the security model for commerce
is totally broken.
Looking at my credit card history -- I clearly need 101 different
credit access methods/ credentials and a way to void one
or all of them. To include place a "trap" on them.
Consider the early Target(tm) advice to review ALL transactions
because the small easy to ignore ones could be probes to
validate the data. Any method for tomorrow needs a trap
method that is only an exploit trap not a use trap.
--
T o m M i t c h e l l
More information about the cryptography
mailing list