[Cryptography] USB firewall/condom HW/SW
Jerry Leichter
leichter at lrw.com
Mon Mar 13 18:20:49 EDT 2017
All the responses so far have been snarky comments about why you should trust this device. If you don't trust *this one* - don't buy it. Or wait until the code has been audited - or audit it yourself. Sure, the underlying hardware might be hostile - but then that's the case for every USB device out there. And on top of that, you can't generally trust the software either.
Can we consider the realities of such a device? Can a useful device like this actually be built? If I plug a memory stick into it and the firmware has been modified to actually report that it's a keyboard, and it starts typing commands into the console ... how could the USB firewall know? It sees a device that identifies itself as a valid keyboard. How can it know that it was supposed to be something else?
-- Jerry
More information about the cryptography
mailing list