[Cryptography] [cryptography] Show Crypto: prototype USB HSM

[Ron Garret]

On Apr 13, 2016, at 4:16 PM, Jerry Leichter <leichter at lrw.com> wrote:

>>> Yes, make it significantly smaller than the current form factor.
>> 
>> Ah.  OK, well, that is certainly doable, though how small you can make it is ultimately limited by the size of the display.  How small do you want it, and how much are you willing to pay?
> I wonder if one could get rid of the display per se and add some kind of MEMS steerable laser to it.  The output would be projected onto some nearby surface.  This could be physically much smaller.

Hm, that is an interesting idea.  But I think it’s a little more than I want to bite off for version 1.

> In another message, you suggested using a passphrase to unlock the thing, so even decapping wouldn't reveal the secrets.  That requires a secure input device.

Only if you have an adversary that pwns your client machine *and* then obtains physical control of the device.  For either of these attacks in isolation, a non-secure input suffices.

> Going all the way to a virtual keyboard might do the trick.  The keyboard doesn't have to be very good, just functional for this one purpose.
> 
> Of course, this would add significantly to cost, though the one I listed above only costs $40.   What size you could end up with isn't clear.

I’m not trying to protect against every conceivable attack, I’m just trying to design an 80/20 solution (actually I think what I have is closer to a 99/1 solution, but it’s early yet).  One must always keep Munroe’s law in mind:

https://xkcd.com/538/

rg