[Cryptography] Other obvious issues being ignored?

John Denker jsd at av8n.com
Tue Oct 20 19:35:45 EDT 2015


On 10/20/2015 11:48 AM, Arnold Reinhold wrote:

> Modern computers are too complex to be secure. It’s turtles
> (processors) all the way down. Few people even know how many
> processors are in their computer and peripherals they use, much less
> have any visibility into the code that executes on those processors.

+1 to that.

Smart disk drives and smart flash drives have legitimate goals
of throughput and reliability that conflict with the goals of
security.  In particular, they cannot be zeroized in any nice
way.

I reckon we can somewhat alleviate that by using full-disk
encryption.  We are then left with the problem of zeroizing
the keys in the coprocessor that does the encryption.
That's still hard, but overall it seems like a step in the
right direction, insofar as it is more localized and less 
likely to conflict with the drive's other goals.

> And the universal presence of user accessible I/O ports creates huge
> security holes.

Compared to some other stuff we've been discussing, that's
relatively easy to fix.  Open the case, unplug or cut the
wires leading to the external ports, then re-seal the case.
And/or fill the ports with a 50/50 mixture of industrial
epoxy and silicon carbide grit.

