[Cryptography] A review per day of TRNGs: OneRNG
Bill Cox
waywardgeek at gmail.com
Wed Oct 22 18:29:02 EDT 2014
On Wed, Oct 22, 2014 at 12:46 PM, Jerry Leichter <leichter at lrw.com> wrote:
> On Oct 22, 2014, at 10:01 AM, Bill Cox <waywardgeek at gmail.com> wrote:
> > As for downsides.... Also, the possibility of having it reprogrammed by
> an attacker who intercepts it in the mail remains an issue, since most
> users will not likely re-flash their device. I am not sure if the flash
> can be dumped securely over USB, or if an attacker can mod the program to
> deliver the original firmware, hiding the malware.
> Sounds like a great application for "sparkly nail polish" security. Paint
> over the access points - the outside screws, the chips and on to the board,
> over a piece of tap sealing the USB - with one of those nail polishes with
> sparkly bits in it. Take photos of each spot and deliver separately from
> the device itself, preferably through multiple channels (e.g., send in a
> separate envelope, and put signed copies on line). The exact speckle
> pattern is random and as far as I know impossible to duplicate. It's also
> easy to check "by eye".
> -- Jerry
>
>
>
Nice! I'll have to remember this method.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141022/1747bb30/attachment.html>
More information about the cryptography
mailing list