At 12:08 PM 7/15/03 -0700, Tim May wrote:

On Tuesday, July 15, 2003, at 09:05 AM, Major Variola (ret) wrote:

...

Epoxy and other conformal coatings are also your friends.

Thinking about this brief comment, I assume MV means sealing a PC to make black bag opening more apparent.

Both more apparent and more physically difficult.

But this suggest a return to _sealing wax_. Seriously.

:-) Only modern sealing waxes don't melt, adhere extremely well, and make tampering evident. They also mean the Adversary has to spend a lot more time... maybe more than one visit.

(As we all know, CIA and other spook agency "flaps and seals" specialists are well-versed in duplicating such seals...

Yes. but probably

only after collecting good information. An FBI black bag job is likely to encounter the sealing wax and seal and be unable to duplicate it.

You seem to think I thought the epoxy would be used like a seal, with the signet ring and all, visually verified when you sit down. That's too lame, any hobbyist whose good with casting can dupe it. I just meant that if Scarfo had epoxied his keyboard to his chassis properly, (and epoxied the keyboard, etc.) he might still be free (to pick shitty passphrases, it turned out). And some "sealing waxes" such as those used on nuclear weapons and verification devices, are very difficult to duplicate. Given, they require special equipment to read. (Fine reflector particles dispersed in clear epoxies) Or, as has been discussed here before, if Nico did his crypto work on a handheld that stayed with him. (An epoxy-sealed one, of course.) Your suggestions re USB, PCMCIA, etc. are in the same line. Better, because they're smaller. However, I don't know of a card that you can *shower* with, which is frankly what's required. It can't ever leave you. A keychain fob is not good enough. Even a finger ring gets removed sometimes.

(All of this slows down the process. The rigamarole that a shipboard crypto shack will put up with is not the same as what Joe Sixpack will put up

Yes, but Scarfo's DirOpSec should have been able to convince him that at the hourly rate the Company pays him, he should put up with it :-) He can surf for porn on a different machine. As long as he knows to use different passwords there...

-- the usual point about having a network with a secure machine locked up very well in a closet or safe (I have a large gun safe, which I usually run a small heating element into to prevent condensing conditions...I have toyed with the idea of putting a small PC running on 25-40 watts, or less, into this gun safe, with only a power cord and

Ethernet wire coming out).

I like the dual use of keeping a security-sensitive PC in a gun safe which also keeps the guns dry :-) You could have the door opening silence the PC, too. A nice lead lining will keep the black bag x-ray team (they'll borrow a unit from the bomb squad) from seeing much.

Still, his series fits with the kind of security awareness and hypervigilance we often discuss.

"The ultimate in paranoia is not when everyone is against you but when everything is against you." PKD (and quite apropos here)