[Cryptography] A review per day of TRNGs: OneRNG

Bill Cox waywardgeek at gmail.com
Wed Oct 22 18:29:02 EDT 2014

On Wed, Oct 22, 2014 at 12:46 PM, Jerry Leichter <leichter at lrw.com> wrote:

> On Oct 22, 2014, at 10:01 AM, Bill Cox <waywardgeek at gmail.com> wrote:
> > As for downsides....  Also, the possibility of having it reprogrammed by
> an attacker who intercepts it in the mail remains an issue, since most
> users will not likely re-flash their device.  I am not sure if the flash
> can be dumped securely over USB, or if an attacker can mod the program to
> deliver the original firmware, hiding the malware.
> Sounds like a great application for "sparkly nail polish" security.  Paint
> over the access points - the outside screws, the chips and on to the board,
> over a piece of tap sealing the USB - with one of those nail polishes with
> sparkly bits in it.  Take photos of each spot and deliver separately from
> the device itself, preferably through multiple channels (e.g., send in a
> separate envelope, and put signed copies on line).  The exact speckle
> pattern is random and as far as I know impossible to duplicate.  It's also
> easy to check "by eye".
>                                                         -- Jerry
Nice!  I'll have to remember this method.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141022/1747bb30/attachment.html>

More information about the cryptography mailing list