Hardware generators

Pat Farrell pfarrell at netcom.com
Sun Jun 19 10:54:07 PDT 1994 

In message Sun, 19 Jun 94 10:50:14 EDT,
  Adam Shostack <adam at bwh.harvard.edu>  writes:

> Understood, but its not a matter of addressing 90% or the
> other 10%, its a matter of "Is the security gain in building a card
> that only hands out each number once worth cutting out 10% of the
> market?"  I think that if you are worried about rouge code on your
> machine, you aren't going to run on  a computer that can't protect its
> memory from random browsing.  (I can still access all of a PC's memory
> from normal code, can't I?)  Thus, building a PC card doesn't really
> afford you a gain in security if I can use my hostile code to read
> PGP's memory locations.  If you agree with that, then there is no good
> reason not to build a serial port dongle, and include me in your
> potential customers. :)

I think I'm a bit confused. Your first post suggested that I was ignoring
an important part of the market, and I acknowledge that this was delibrate.

Now you seem to be arguing that the paranoia that I addressed in my
fourth question is justified. I'd like more backup for this, as
all I have is speculation at this point. I don't know if it is paranoia or
prudence.

Yes, if you are running DOS/Windows, you can address the world. Sigh.
And lots of other/better OS fix this, but they haven't got the market
penetration. So I'm back to addressing lots of folks, or a few
ones with real computers and real operating systems. I'd rather not
degrade into that religion, I started with TOPS-10 and moved to Tenex...

The problem with the serial port dongles are:

1) while parallel port dongels are known technology, making it work
on a serial port is more problematical.

2) Most PC serial ports are junk. Getting reliable data rates above
2400 baud is non-trivial for low end PCs. If I could claim that the
users had to have 16560AFN uarts, or better, then I could get decent
rates, but then I lose market size.

3) PCs typically don't have a spare serial port.

It is interesting that my mail is so far favoring an internal board
approach. Given that, and the forthcomming Plug-n-Plan spec from
Microsoft/Compaq/Intel/... and the hidious hassles of seting
up IRQs, port addresses, etc. Does this suggest that a
Plug-n-play board would be more attractive?

The key is that they would be more expensive, at least at first. Compaq
probably has the volume that can allow the cost difference to be
offset by lower tech support costs. I haven't got that volume yet.

Pat

Pat Farrell      Grad Student                 pfarrell at cs.gmu.edu
Department of Computer Science    George Mason University, Fairfax, VA
Public key availble via finger          #include <standard.disclaimer>

More information about the cypherpunks-legacy mailing list