[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

One Laptop Per Terrorist



On Sun, 29 Mar 2015 00:46:08 +0200
Markus Ottela <[email protected]> wrote:

> A microcontroller as TCB doing OTP with HWRNG-generated keys. Sounds a
> lot like the OTP-version of Tinfoil Chat ( github.com/maqp/tfc ).


	Thanks! Checking it out. 


> It
> doesn't take a spy or terrorist to create something like this: TFC
> was a hobby of a CS-student.


	Yeah, that was one of my not-explicitly-stated points. Since
	such a device is almost 'trivial' to build, rendering a lot of
	fancy cryptoanalisis (and hacking) useless seems easy. So we
	arrive at the surprising and unheard-of conclusion that
	governments are a very big scam...



> 
> Distribution of key material isn't the big problem, keeping the keys
> secure from end-point exploitation is as TAO, ANT-implants,
> COMMONDEER, VALIDATOR, QUANTUM w/ UNITEDRAKE/SALVAGERABBIT
> etc. make it hard. 


	I'm not sure what exactly those things do, but they seem to be
	attacks against 'cosumer grade' hardware and software. Not
	likely to work against a $2 microcontroller with no radio and
	no network connection.


> But even these could be addressed in TFC - enforcing the
> need for close access operations, close proximity malware injection
> or retro reflectors and other HW implants is the only way to avoid
> untasked targeting from becoming the mass surveillance of next
> generation; It's the sweet spot of security, as the attack can not be
> automated, and the cost increases linearly with the number of targets.
> 
> On 28.03.2015 03:02, Juan wrote:
> > 
> > 
> > Seems to me that it's rather easy for terrorists to create simple
> > hardware for at least secure text messaging (or more). 
> > 
> > The recipe goes something like this :
> > 
> > 1) a microcontroller.
> > 2) a keyboard 
> > 3) an 'old' lcd text display
> > 4) eeprom memory - sd card
> > 5) a bunch of discrete components for a noise generator.
> > 
> > The idea is to mix all those ingredients plus code to get a system
> > that can 
> > 
> > 1) generate random data to be used as key in 'one time pad'
> > encryption 2) input text messages (and encrypt them of course)
> > 3) decrypt text messages to the screen
> > 
> > (if the microcontroller can act as an usb host it maybe possible to
> > get data from devices like cameras and encrypt it)
> > 
> > The thing is, distribution of the key material should be trivial for
> > any 'terrist' worth his salt.  So the only drawback of the allegedly
> > secure one time pad isn't really an issue. 
> > 
> > 
> > I'm guessing that any real 'spies' out there have been using
> > something like this for a while.
> > 
> > 
> > 
> >