One Laptop Per Terrorist
juan.g71 at gmail.com
Sun Mar 29 13:04:54 PDT 2015
On Sun, 29 Mar 2015 00:46:08 +0200
Markus Ottela <oottela at cs.helsinki.fi> wrote:
> A microcontroller as TCB doing OTP with HWRNG-generated keys. Sounds a
> lot like the OTP-version of Tinfoil Chat ( github.com/maqp/tfc ).
Thanks! Checking it out.
> doesn't take a spy or terrorist to create something like this: TFC
> was a hobby of a CS-student.
Yeah, that was one of my not-explicitly-stated points. Since
such a device is almost 'trivial' to build, rendering a lot of
fancy cryptoanalisis (and hacking) useless seems easy. So we
arrive at the surprising and unheard-of conclusion that
governments are a very big scam...
> Distribution of key material isn't the big problem, keeping the keys
> secure from end-point exploitation is as TAO, ANT-implants,
> COMMONDEER, VALIDATOR, QUANTUM w/ UNITEDRAKE/SALVAGERABBIT
> etc. make it hard.
I'm not sure what exactly those things do, but they seem to be
attacks against 'cosumer grade' hardware and software. Not
likely to work against a $2 microcontroller with no radio and
no network connection.
> But even these could be addressed in TFC - enforcing the
> need for close access operations, close proximity malware injection
> or retro reflectors and other HW implants is the only way to avoid
> untasked targeting from becoming the mass surveillance of next
> generation; It's the sweet spot of security, as the attack can not be
> automated, and the cost increases linearly with the number of targets.
> On 28.03.2015 03:02, Juan wrote:
> > Seems to me that it's rather easy for terrorists to create simple
> > hardware for at least secure text messaging (or more).
> > The recipe goes something like this :
> > 1) a microcontroller.
> > 2) a keyboard
> > 3) an 'old' lcd text display
> > 4) eeprom memory - sd card
> > 5) a bunch of discrete components for a noise generator.
> > The idea is to mix all those ingredients plus code to get a system
> > that can
> > 1) generate random data to be used as key in 'one time pad'
> > encryption 2) input text messages (and encrypt them of course)
> > 3) decrypt text messages to the screen
> > (if the microcontroller can act as an usb host it maybe possible to
> > get data from devices like cameras and encrypt it)
> > The thing is, distribution of the key material should be trivial for
> > any 'terrist' worth his salt. So the only drawback of the allegedly
> > secure one time pad isn't really an issue.
> > I'm guessing that any real 'spies' out there have been using
> > something like this for a while.
More information about the cypherpunks