Setting up PGP

Karl gmkarl at gmail.com
Mon Oct 12 17:02:27 PDT 2020 

On Mon, Oct 12, 2020, 6:57 PM grarpamp <grarpamp at gmail.com> wrote:

> > usbs have microchips that accept code updates
>
> USB "converters" should be considered suspect.
>
> Plugging BadUSB's, BadHDD, CPU's, Flash, or any
> other chipped / smart device or port with firmware, microcode,
> chips etc between systems has potential to infect / attack them.
>

How would you set up an airgapped system, if your main system were already
infected?  There's some degree of number of microchips, times accessed, way
and source of system installation and tools added ...

On a pi zero, you're likely going to have a keyboard, a display, and an SD
card, all of which have additional chips, some even long wires that can act
as radios.  Then the communication medium; I guess using the existing
display and keyboard adds the least complexity, but that's a lot of copying
of encrypted text.  I might start with a USB key even though it busts a
hole in the system, and just recommend it be moved very rarely.

A second paired system could be used for data exchange, connected to a
printer or a camera or a disk or whatnot, with an optoisolated gpio
connection to the main system.


> Assuming some random magical usb converter
> cable sets do pass raw rs-232 between them
> (ie: can cut/splice to a rs-232 port / modem / teletype)
>

The FTDI actually does this.

users often probably fuck up and cross infect
> usb during the n-th insertion setup session.
>

That sounds concerning.


> Various "air gap", all adaptable to 'cat hugefile > /device'...
>

Prefer tinyclearfile to hugefile, so auditing is reasonable.


> QR code

OCR scanning

Sound

Light
> RF
> Keyboard bots
> Monitor display output to camera capture input,
> a digital stream of bits thrown onscreen as fast
> as the two can sync.
>
> Simple RS-232 protocols, ECC codes, etc.
>
> All assuming endpoint chipsets don't attack over the gap / wire.
> Keep simple enough to see, log, debug, verify, filter, audit... like ASCII.
>
> USB, optical disk, tape, hdd... often have media
> based firmware update mechanisms, exploits,
> special sectors, bootcode, emulation, etc.


> > scrabble tiles
>
> As received from the store... exhibit a non-random
> character frequency count, should not be used without
> adjustment down to 1:1.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 4747 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20201012/467dadd6/attachment.txt>

More information about the cypherpunks mailing list