[cryptography] Preserve us from poorly described/implemented crypto
marsh at extendedsubset.com
Tue Jun 7 15:25:24 EDT 2011
On 06/07/2011 02:01 PM, J.A. Terranson wrote:
> On Tue, 7 Jun 2011, Nico Williams wrote:
>> I'd like keyboards with counter-measures (emanation of noise clicks)
>> or shielding to be on the market, and built-in for laptops.
> Remember how well the original IBM PC "clicky keyboard" went over (I think
> I'm the only person in the US who actually liked it> - veryone gave me
> theirs after "upgrading to the newer lightweight and silent ones):
IBM was a typewriter company for most of the 20th century and
consequently had a lot of research invested in the keyboards. Those of
us who used other IBM keyboards before the PC saw it as a lighter-weight
version of the mainframe terminal keyboards.
I liked it. Years later I found a place to buy a similar "bucking
spring" model online and did, but it didn't last very long.
> user experience will always end up with a back seat when it's time to do
> the actual work in front of the screen.
I dunno. Seems like more often than not these days it's security taking
a back seat to the user experience.
For example, Mozilla is removing the status bar and the SSL lock icon
along with it. A perfect opportunity for a phishing site to paint one of
their own. Now they're talking about removing the address bar too.
With every pixel valuable on mobile displays, browsers want to dedicate
the whole frame to the page itself. Consequently, there is no chrome
with which to communicate security information out-of-band, i.e., not
under the control of the web page.
> I haven't done a lot of serious work there, but I did look once at an LG
> Optimus V out of idle curiosity: I don't think it would be very difficult
> to map many of it's leaky signals. Same for all smartphones in general.
What would be interesting would be to substitute an image on the page
with a one that flickered at a known rate. Then maybe try one that
flickered at a rate determined by idle CPU capacity or other side
channels. It'd be interesting to see what kind of data rate you could
obtain for exfiltration.
More information about the cryptography