From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 15 Mar 1997 23:06:08 -0800 (PST)
To: paul@fatmans.demon.co.uk
Subject: Re: TEMPEST protection
In-Reply-To: <858430734.0626900.0@fatmans.demon.co.uk>
Message-ID: <3.0.1.32.19970315175312.00625448@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


ichudov@algebra.com wrote:
>> - Whenever I need to do something secret, like reading pgp-encrypted 
>> messages, use ssh to connect from that laptop to my main Unix host
>> (manifold.algebra.com) and read those off of the laptop screen.
>> How secure would that arrangement be? At present, I do not feel that
>> the additional security is worth even $700, but who knows, that
>> may change.

If you're doing it for isolation reasons (keeping private stuff on your
laptop instead of your Internet-connected machine to reduce breakin risks),
it may be worth something.  If you're doing it for TEMPEST, don't bother;
laptops may put out less than CRTs, but I've still had my laptop emit signals
that showed up on a nearby TV semi-legibly (out of sync, but Bad Guys can
deal with that...)

If you find a TEMPEST-shielded PC at an NSA Surplus auction, it'll probably
be a 386 at best, and maybe a 286, so it may not be fast enough to bother
with.
Shielding this stuff is a Black Art, though paying a lot of attention to
cables and boxes and tight corners with metal connectivity helps a lot.
And just using a slower processor instead of that 200MHz microwave tower
also helps.

On the other hand, Matt Blaze has done some good work on cooperative
encryption
between smartcards and real computers, where the smartcard does a critical
part of the computation and the bigger computer does the bulk of the work;
you could still keep your secret keys on the slow shielded box.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
#     (If this is a mailing list, please Cc: me on replies.  Thanks.)