[cryptography] Preserve us from poorly described/implemented crypto
marsh at extendedsubset.com
Tue Jun 7 12:00:32 EDT 2011
On 06/07/2011 07:18 AM, Ian G wrote:
> People in tall glass buildings should learn not to throw electronic
> stones then.... It's easy, just use a laptop w/ethernet. No wireless, no
> keyboard loggers. Corporates know how to issue laptops.
If the Vice-President of Large Fund Risk Arbitrage (or whatever) tells
the IT nerd to get him a wireless keyboard, he gets one. I know this
because I was once the IT nerd.
>> On the defense side, the agencies that are experienced at looking at
>> signals also have the mission of protecting the US government itself.
>> Surely they realize it's impractical to keep every off-the-shelf
>> keyboard out of every marginally sensitive location.
> Then, the rest of society has to pay for their incompetence?
Well, yeah, obviously. Let us hope this is the least of it. :-)
On the other hand, driving security improvements for everyone is a great
way that government purchasing requirements can improve security for
everyone. Perhaps in this case it has even encouraged the development of
an off-the-shelf secure wireless keyboard.
Other stuff I'd like to see government purchasing encourage:
Opaque covers for cameras on computers.
Require hard-wired physical cut-out switches on all microphones and
antennas attached to or in computers. Software and chipset logical
switches don't count, they can usually be hacked. Anything but a simple
physical disconnect switch proves impractical to verify.
General purpose computers get hacked far too easily to allow them to have
open microphones and cameras. Combined with wifi, this is a ridiculous
combination to permit.
My Toshiba notebook has a wireless cut-off switch. But it appears it just
sets a bit that the driver is supposed to respect. Of course this is
useless if the driver is unreliable or compromised. When running Linux
for example, it often detects and offers to associate with nearby access
points even when the switch is off! This means that at least the
receiver is still operational and is thus willing to accept and process
> Anyone know what the price of a DoD-secured keyboard is :)
Anyone else see this from a few years back?
Many cars now come with Bluetooth for hands-free mobile phone operation.
Turns out they have the same challenge as this keyboard implementing an
effective method of securing the initial association.
The result is...The Car Whisperer: