[Freedombox-discuss] Crypto questions
Spectral Emanation
spectralemanation at gmail.com
Sun Apr 24 01:19:25 UTC 2011
>No problem on a typical Linux desktop; it does not do much crypto and /dev/random gets input from keyboard & mouse movement, disk delays, etc. However, it might be a major problem for a plug server that does more crypto, runs headless, and use solid state storage.
I have found this to be a problem on my plug computer. It takes
minutes to generate a key in OpenSSL or GPG. To get around this I am
using a two-dollar USB sound adapter from China and the service
"RandomSound" (http://www.digital-scurf.org/software/randomsound) Now
there is plenty of entropy. I have done some simple tests to the best
of my limited ability, and the data seems to be random. I also tried
creating entropy by sampling data coming from a Tor exit node under my
control just as an experiment, but there may be technical and ethical
problems doing this :-)
There is a project called Pandora where a group of people got together
and designed and built a custom portable gaming machine based on the
ARM OMAP3 platform. I would love to see something similar done to get
a custom plugcomputer designed and built based on Sheevaplug that has
a crypto chip with TRNG (and whatever other cool features people
want.) If it was a full TPM chip, it could to do things like hold the
key for an encrypted FS that could be wiped in an emergency (or a dead
man switch?). Then the key wouldn't need to be on the SSD where it is
vulnerable.
We could figure out all the issues we want to address and then get
custom hardware that is branded by the Freedombox project. The
Sheevaplug was created to be extended by vendors, why not us if we can
get enough people to commit to buying one?
S.
More information about the Freedombox-discuss
mailing list