At 12:43 PM -0500 9/22/98, Jim Choate wrote:
Forwarded message:
I don't know how hard this would be, but how about running a seperate memory check, and while those numbers are flashing on the screen, do the wait for imput?
So hide the keyscan in the memory counter code. Would work externaly, would probably not show up on TEMPEST. Since both the keyscan and the memory scan are repetitive TEMPEST might have a problem telling them apart. Provided you could get the keyscan in the same footprint as the mem check the BIOS would not show up as anomolous in size. As long as they're not running around doing checksums you'd be ok (I suspect).
At a certain threat level or level of "interest" in your affairs, whether you can hide the fact that you are using crypto or not is going to become irrelevant. In otherwords, if your threat level realistically includes CIA/NSA you're well and fucked. If "they" think you are a serious threat to them (as opposed to being a serious threat to the government/country) they will get you, they will lie, they will cheat, they will give some poor bastard plastic surgery to look like you, and take pot shots at the president on National TV, and then "escape custody". If you are operating at this level, you are trying to hide _your_ activities from prying eyes, true, but you are also trying to prevent _others_ from being compromised. If your opponent is using tempest, you are operating at that level. Tempest is expensive, and I'd imagine would have to be calibrated not only for each processor ([3-6]86, with all the variations (sx/dx, celeron, xenon etc,) as well as the NEC. AMD. and Cyrix clones thereof, ARM & StrongARM processors, PPC 601/3/4/G-3 processors, Motorola 68k processors, sparc processors etc) but (if you are looking at what the POST & BIOS actually does) for each BIOS AND OS. This is NOT an easy task, nor can it be done by a Bozo operating a X-Ray machine at an airport. If you have attacted enough attention to warrant the expense that this investigation is bringing on, you better either be totally clean AND on everyones good side, or they ARE going to find something. They're the government, locking people up is what they do best. -- petro@playboy.com----for work related issues. I don't speak for Playboy. petro@bounty.org-----for everthing else. They wouldn't like that. They REALLY Economic speech IS political speech. wouldn't like that.