From: Rob Kendrick <rjek@rjek.com>
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] Bought an "entropy-key" - very happy
Date: Fri, 26 Mar 2010 00:36:10 +0000
Message-ID: <20100326003610.3116cbde@trite.i.flarn.net.i.flarn.net>
In-Reply-To: <4BABC9BC.5961.1699834F@pageexec.freemail.hu>
On Thu, 25 Mar 2010 21:38:20 +0200
pageexec@freemail.hu wrote:
> > That somebody with a few probes and a 50 quid USB logic analyser
> > can't capture the entropy that was delivered to the system. (One
> > of the target markets is installation in shared co-location
> > facilities.)
>
> do they also protect against impersonation? from your other answers
> i infer that there's some (mutual?) authentication between the device
> and the kernel, so it should be possible ;).
Yes. There's a shared secret printed on a security card in the box
that is written into some one-time-programmable memory in the device.
You then use this key to generate another key, which is then stored on
the machine, and used to generate session keys. (ie, the master key on
the security card is never stored on the machine, so even if your
machine is compromised, you can still use the device safely elsewhere.)
B.
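
The key hierarchy described in the message above (card master key, then a key stored on the host, then per-session keys), sketched as an added example that is not part of the original message and is not the Entropy Key's actual protocol. The HMAC-SHA256 constructions, the rekey and session nonces, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts (unambiguous field boundaries)."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(4, "big") + part)
    return mac.digest()

def derive_long_term_key(master: bytes, rekey_nonce: bytes) -> bytes:
    # Assumed construction: the host stores only this output, never `master`.
    return prf(master, b"long-term", rekey_nonce)

def derive_session_key(long_term: bytes, host_nonce: bytes, dev_nonce: bytes) -> bytes:
    # Both ends contribute a nonce, so neither can force an old session key.
    return prf(long_term, b"session", host_nonce, dev_nonce)

def tag(session_key: bytes, payload: bytes) -> bytes:
    return prf(session_key, b"data", payload)

def verify(session_key: bytes, payload: bytes, received: bytes) -> bool:
    return hmac.compare_digest(tag(session_key, payload), received)

def demo() -> dict:
    master = os.urandom(32)            # constructed stand-in for the card secret
    nonce_a, nonce_b = os.urandom(16), os.urandom(16)   # public per-host rekey nonces
    lt_a = derive_long_term_key(master, nonce_a)        # stored on host A
    lt_b = derive_long_term_key(master, nonce_b)        # stored on host B
    hn, dn = os.urandom(16), os.urandom(16)
    payload = b"constructed entropy block"
    # Genuine device: holds master, rebuilds host A's key from the public nonce.
    dev_sk = derive_session_key(derive_long_term_key(master, nonce_a), hn, dn)
    host_a_sk = derive_session_key(lt_a, hn, dn)
    # Impostor device: no master key, so it can only guess.
    fake_sk = derive_session_key(derive_long_term_key(os.urandom(32), nonce_a), hn, dn)
    # Host A compromised: attacker holds lt_a and tries it against host B.
    host_b_sk = derive_session_key(lt_b, hn, dn)
    return {
        "genuine_accepted": verify(host_a_sk, payload, tag(dev_sk, payload)),
        "impostor_accepted": verify(host_a_sk, payload, tag(fake_sk, payload)),
        "leaked_key_works_on_b": verify(host_b_sk, payload, tag(host_a_sk, payload)),
        "fresh_nonce_changes_key": derive_session_key(lt_a, os.urandom(16), dn) != host_a_sk,
    }

if __name__ == "__main__":
    print(demo())
```

In this sketch a leaked host key exposes only that host's sessions; re-deriving with a new rekey nonce from the card secret replaces it without touching the device.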