[Cryptography] You can't trust any of your hardware

Eugen Leitl eugen at leitl.org
Tue Aug 5 02:57:20 PDT 2014

----- Forwarded message from ianG <iang at iang.org> -----

Date: Mon, 04 Aug 2014 11:31:39 +0100
From: ianG <iang at iang.org>
To: cryptography at metzdowd.com
Cc: Jerry Leichter <leichter at lrw.com>
Subject: Re: [Cryptography] You can't trust any of your hardware
Message-ID: <53DF610B.6080601 at iang.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.6.0

On 4/08/2014 03:28 am, Jerry Leichter wrote:
> On Aug 2, 2014, at 8:54 PM, Nemo <nemo at self-evident.org> wrote:
>>> How many USB devices have ever been patched after sale?
> There are few sharp lines here, but there is a very broad, very heavily populated, set of "USB devices" that we commonly look at as having fixed functions based on code that will never be changed.  USB memory sticks are extremely cheap and produced in the hundreds of millions.  No one thinks of them as active devices.  And yet ... they are.  They contain significant processing power running non-trivial code - and that code can be replaced.  That's the big message here.  Yes, obvious in retrospect - but how much have *you* thought about defenses against legitimate memory sticks from major manufactures that have had their standard firmware replaced with attack code?

In CAcert we used the USB memory sticks for sneaker-packets in
key-signing ceremonys, and for later escrow.  We use 2 for each.  They
are to be purchased at a random retail street store on the day.  Those
not escrowed are destroyed afterwards.

We might need to rethink the approach, perhaps with open source designs?

The cryptography mailing list
cryptography at metzdowd.com

----- End forwarded message -----

More information about the cypherpunks mailing list