From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 8A760198005 for ; Wed, 20 Mar 2013 03:29:06 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 7F033E0477; Wed, 20 Mar 2013 03:28:52 +0000 (UTC) Received: from mail-ia0-f175.google.com (mail-ia0-f175.google.com [209.85.210.175]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 132FAE03E4 for ; Wed, 20 Mar 2013 03:28:50 +0000 (UTC) Received: by mail-ia0-f175.google.com with SMTP id y26so1027992iab.20 for ; Tue, 19 Mar 2013 20:28:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:message-id:date:from:user-agent:mime-version:to:subject :references:in-reply-to:x-enigmail-version:content-type; bh=5WwVOZfP0tmHyQ5NdpqkzpNMsjBGPXMGSFcvOqiymZQ=; b=iM+EkZLFNu5uYQwDAIy/o9Ut+gqKthmxlW/Sx4Qf30MxHaNz6PaDKp7NqWjA0Y3Fru d0MjnczpYyD/7BN0Fgip96dkL1cJgxPJsewtysH+xFmo/Id7Psj/YFRiUCXSOFXn+7+K fo7qrNtc7xD/m3WBnyDFaQm0LCgINotnPzDSJ2od1HD28LoRvNKsk3Z5w9xcCsiarc2/ qOGKlVpNbe/dD88BwXK10Oqv0EhTc0gVHagz5aBBwxJwznv/WhJgkKNosfl4YmXNlsx8 a3NRy10i+LX/1Ws9g9ZvapgOzBT4gjposKC9QOQK2iyAcruQYyJBUFqDff5YLL5GXesb +vIw== X-Received: by 10.42.148.71 with SMTP id q7mr12573821icv.53.1363750130176; Tue, 19 Mar 2013 20:28:50 -0700 (PDT) Received: from ?IPv6:2001:470:c5b9:beef:4eed:deff:fe93:63a0? ([2001:470:c5b9:beef:4eed:deff:fe93:63a0]) by mx.google.com with ESMTPS id i10sm3539887igz.9.2013.03.19.20.28.46 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 19 Mar 2013 20:28:49 -0700 (PDT) Message-ID: <51492CE9.4030508@gmail.com> Date: Tue, 19 Mar 2013 23:28:41 -0400 From: Michael Mol User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130222 Thunderbird/17.0.2 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] [OT] Time-lock USB stick References: <514925C3.8020900@gmail.com> <51492A76.4010202@iinet.net.au> In-Reply-To: <51492A76.4010202@iinet.net.au> X-Enigmail-Version: 1.5 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="----enig2VLJVWLIBUHGHDRBVTIJU" X-Archives-Salt: 218c1bbe-dd0a-4ee5-bdb5-6728056c30bb X-Archives-Hash: c1a77682118abc12295109af382531d6 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) ------enig2VLJVWLIBUHGHDRBVTIJU Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 03/19/2013 11:18 PM, William Kenworthy wrote: > On 20/03/13 10:58, Michael Mol wrote: >> Does anybody know of time lock flash drives? >> >> The scenario I'm looking at is to have a drive that's only accessible >> for a certain amount of time after being powered on. It would hold >> crypto keys in a server context. >> > Something like this? >=20 > http://www.tomshardware.com/reviews/USB-Flash-Drives,2003-6.html >=20 > It does sound like you want a "dongle" like autocad used (?) to use. >=20 > I think the real solution though would be some kind of check with a > remote site that would expire the keys Not so much. The idea would be that you could power cycle the device to get access to it again. The device would be read for the keys at system bootup, but then would shut itself off after a few minutes to prevent the keys from being read from disk. (There's still the risk of them being read from the memory of the process using them, but that's slightly more difficult, and security is all about raising the bar.) ------enig2VLJVWLIBUHGHDRBVTIJU Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJRSSzrAAoJED5TcEBdxYwQaFgH/3pG4eYoan7t8M6Frz5HxLz8 4vjiqmuCbuWvpURXJvcAwKUE9d/EYsPm86ZUr4Mos0zlNIjQX9k0+lYCB1sJ009t WnKlafSiqITBIluE7gtcOBH4cTohLr3MtUmOsntlvai9jUthLNajEcyk+QrBMue2 6nicFH+JcYaC3aaRd15HvLAy0FHySrb5b/+VK2YjDLxHHE7oqFOM9FK35YTDlmRk Q1mxMvm7ZF2zKuI+B+bZSyYB+qyTwZ7kx/R7Y1gV0Rk705zH6H8xqo33rmp99usL b4XA5E3mzAC2asfBivIlB3DIWDwusibgtJJ/aqVxy+ihXevRiybcpGdlLZIUt2w= =CqrQ -----END PGP SIGNATURE----- ------enig2VLJVWLIBUHGHDRBVTIJU--