Sealing wax, funny looking dogtags

Major Variola (ret) mv at cdc.gov
Tue Jul 15 14:42:56 PDT 2003 

At 12:08 PM 7/15/03 -0700, Tim May wrote:
>On Tuesday, July 15, 2003, at 09:05  AM, Major Variola (ret) wrote:
>> Epoxy and other conformal coatings are also your friends.
>>
>Thinking about this brief comment, I assume MV means sealing a PC to
>make black bag opening more apparent.

Both more apparent and more physically difficult.

>But this suggest a return to _sealing wax_. Seriously.

:-)  Only modern sealing waxes don't melt, adhere extremely well,
and make tampering evident.  They also mean the Adversary
has to spend a lot more time... maybe more than one visit.

>(As we all know, CIA and other spook agency "flaps and seals"
>specialists are well-versed in duplicating such seals...

Yes.

but probably
>only after collecting good information. An FBI black bag job is likely
>to encounter the sealing wax and seal and be unable to duplicate it.

You seem to think I thought the epoxy would be used like a seal,
with the signet ring and all, visually verified when you sit down.
That's too lame, any hobbyist whose good with casting can dupe it.
I just meant that if Scarfo had epoxied his keyboard to his chassis
properly, (and epoxied the keyboard, etc.) he might still be free
(to pick shitty passphrases, it turned out).

And some "sealing waxes" such as those used on nuclear weapons
and verification devices, are very difficult to duplicate.  Given, they
require special equipment to read.  (Fine reflector particles dispersed
in clear epoxies)

Or, as has been discussed here before, if Nico did his crypto work on
a handheld that stayed with him.  (An epoxy-sealed one, of course.)
Your suggestions re USB, PCMCIA, etc. are in the same line.
Better, because they're smaller.  However, I don't know of a card that
you can
*shower* with, which is frankly what's required.  It can't ever leave
you.  A keychain fob is not good enough.  Even a finger ring gets
removed
sometimes.

>(All of this slows down the process. The rigamarole that a shipboard
>crypto shack will put up with is not the same as what Joe Sixpack will
>put up

Yes, but Scarfo's DirOpSec should have been able to convince him
that at the hourly rate the Company pays him, he should put up with
it :-)  He can surf for porn on a different machine.  As long as he
knows to use different passwords there...

>-- the usual point about having a network with a secure machine locked
>up very well in a closet or safe (I have a large gun safe, which I
>usually run a small heating element into to prevent condensing
>conditions...I have toyed with the idea of  putting a small PC running
>on 25-40 watts, or less, into this gun safe, with only a power cord and

>Ethernet wire coming out).

I like the dual use of keeping a security-sensitive PC in a gun safe
which also keeps the guns dry :-)   You could have the door opening
silence
the PC, too.  A nice lead lining will keep the black bag x-ray team
(they'll borrow a unit from the bomb squad) from seeing much.

>Still, his series fits with the kind of security awareness and
>hypervigilance we often discuss.

"The ultimate in paranoia is not when everyone is against you
but when everything is against you."  PKD

(and quite apropos here)

More information about the cypherpunks-legacy mailing list