----- Forwarded message from ianG <iang@iang.org> ----- Date: Mon, 04 Aug 2014 11:31:39 +0100 From: ianG <iang@iang.org> To: cryptography@metzdowd.com Cc: Jerry Leichter <leichter@lrw.com> Subject: Re: [Cryptography] You can't trust any of your hardware Message-ID: <53DF610B.6080601@iang.org> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 On 4/08/2014 03:28 am, Jerry Leichter wrote:

On Aug 2, 2014, at 8:54 PM, Nemo <nemo@self-evident.org> wrote:

...

...

How many USB devices have ever been patched after sale? ... There are few sharp lines here, but there is a very broad, very heavily populated, set of "USB devices" that we commonly look at as having fixed functions based on code that will never be changed. USB memory sticks are extremely cheap and produced in the hundreds of millions. No one thinks of them as active devices. And yet ... they are. They contain significant processing power running non-trivial code - and that code can be replaced. That's the big message here. Yes, obvious in retrospect - but how much have *you* thought about defenses against legitimate memory sticks from major manufactures that have had their standard firmware replaced with attack code?

In CAcert we used the USB memory sticks for sneaker-packets in key-signing ceremonys, and for later escrow. We use 2 for each. They are to be purchased at a random retail street store on the day. Those not escrowed are destroyed afterwards. We might need to rethink the approach, perhaps with open source designs? iang _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography ----- End forwarded message -----