1992-11-26 - Re: RS232 Crypto Dongle (idea for widely accessible crypto technology)

Header Data

From: gnu@cygnus.com
To: karn@qualcomm.com (Phil Karn)
Message Hash: 047deb22c089b71d47284e9669cb74bf02fea0f30870ed6c5c0f3da8c0eefca5
Message ID: <9211260203.AA15805@cygnus.com>
Reply To: <9211260047.AA01958@servo>
UTC Datetime: 1992-11-26 02:04:11 UTC
Raw Date: Wed, 25 Nov 92 18:04:11 PST

Raw message

From: gnu@cygnus.com
Date: Wed, 25 Nov 92 18:04:11 PST
To: karn@qualcomm.com (Phil Karn)
Subject: Re: RS232 Crypto Dongle (idea for widely accessible crypto technology)
In-Reply-To: <9211260047.AA01958@servo>
Message-ID: <9211260203.AA15805@cygnus.com>
MIME-Version: 1.0
Content-Type: text/plain


> I had this in mind too. But there's a problem -- if we have to depend
> on commercial manufacturers to build these things, how will we know if
> we can really trust them? ...
> Unless, of course, we can get the technology to build PCMCIA cards
> ourselves out of readily available parts...

There's an implied assumption in the above that "we" and "commercial
manufacturers" are not the same people, and that if "we" could build
the cards "ourselves", then "we" could trust them.  But if any of "us"
builds PCMCIA cards and offers them to "us" for sale, they will have
to satisfy "us" that "we" truly understand its level of security.

Enough pronouns?  The point is that we can't trust ourselves any more
than faceless manufacturers.  It's more likely the manufacturers won't
make some bonehead mistake that renders the system easy to break.  And,
as dramatized in "Sneakers", even the best people can be pressured by
the government if they or their loved ones are vulnerable.

John Draper was proposing to manufacture RS232 random number
generators -- would you buy a used random number from this man?  If
you could see its design, you might.  If not, probably not.

There's a tradition that security software has to be made available
in source form because the customers insist on it.  Let's continue this
trend and make sure it applies to hardware, too.

	John




