[Cryptography] The crypto behind the blackphone

ianG iang at iang.org
Fri Jan 31 01:34:17 EST 2014


On 28/01/14 00:10 AM, Jon Callas wrote:
....
> But still, I've never said "safe." I've said security-enhanced, and
> lots of things like that, which are all true, but I'd never say
> safe -- because I know about the dangers of compromised hardware.


Safety is a relative term used absolutely.  Secure phones aren't
secure if one enlarges the envelope slightly to include the owner, and
the crook standing next to her with a gun to her head.

Many will say "that's not our problem" but that also means they're not
doing security.  Security is measured by the results not the promises.

...
> My truest personal goal for Blackphone is read an Android hardening
> guide sometime in the future that will give a list of the things
> you should do to lock down your Android phone,


That would be a seriously interesting document.  Is there any such
thing around?

There used to be the NSA hardening guide for Mac OSX but they didn't
publish it after 10.4 iirc.  Another example of how they could help
industry and government, thwarted by some agenda issue, no doubt.


> and at the end it will say, "Or you could just buy a Blackphone." I
> want it to come out of the box the way that serious people like us
> on this list would want it.


Right.  That's an economically efficient service.  Assuming a guide, I
can harden my phone, I suppose, but I haven't the time.  I'd rather
pay the premium and have it done, out of the box.



iang


More information about the cryptography mailing list