[Cryptography] Dumb idea: open-source hardware USB key for crypto
Troy Benjegerdes
hozer at hozed.org
Sat Jan 11 15:09:08 PST 2014
On Sat, Jan 11, 2014 at 10:08:28AM -0500, dan at geer.org wrote:
>
> > And just who is going to bring
> > the aforesaid open model upon this class of gear? So it's
> > +1 for spooks.
>
> Yes and no. Across the security parts of that government with
> which I am familiar, the issues of which you are speaking are
> deeply troubling -- they buy computers, too. There is, indeed,
> the strong mandate to use commercial off the self (COTS) goods
> rather than government-only goods which, on balance, is a Very
> Good Thing as perversion of the supply chain is thereby a common
> enemy. That all significant private firms are transnational is
> likewise a Very Good Thing (at least in this context). Naturally,
> I have no access to whether the precise discussion taking place
> in English here on these two lists is simultaneously taking place
> in and around Beijing, Brussels, London, Moscow, and Tokyo, but
> I would be surprised if it is not.
Based on my experience at a DOE lab that let me to coin the term
'Legislative Trojan', I proposed a process called 'trusted open
source', in which things like the core bios (http://coreboot.org)
would be maintained by multiple different government standards
agencies.
Say NIST in the US, Germany, China, Japan, and Taiwan, as well
as independent organizations like Wikipedia, the free software
foundation, and the Debian project.
So when you have VHDL, I'm very interested in looking at it, and
calling up some of the people I used to work with in the Supercomputing
community. They are very concerned about the integrity of open and public
scientific computing, and may even be motivated to fund such a thing.
The Cryptocoin community (should) also be extremely interested as
well, and http://efabless.com would love to actually make the thing.
Then you just randomly sample and X-ray the chips. The intelligence
agencies that want to subvert this process will still have plenty of
physical/humint/social engineering attacks so they will be happy.
When do we start? Please upload some VHDL/verilog ASAP.
-- Troy
More information about the cypherpunks
mailing list