Re: LUKS disk encryption with remote boot authentication

On Mon, October 20, 2014 00:10, Arno Wagner wrote:
> On Sun, Oct 19, 2014 at 22:59:21 CEST, Cpp wrote:
>> On 10/19/14, Arno Wagner <arno@xxxxxxxxxxx> wrote:
>> > Actually, it has a pretty good chance of working well. Once.
>> > And if it is not too obvious and nowhere documented that the
>> > attacker can get at beforehand.
>>
>> So basically if a device like this is meant to be used and distributed
>> widely, one security requirement would be that each and every device
>> uses a custom anti-tampering circuitry setup so that no two setups are
>> identical. After one device has been compromised, a new custom setup
>> has to be made, possibly at a new location.
>
> For DIY, yes. Commercial HSMs have another protection, namely
> they are priced at EUR 50k+. That discourages most attackers from
> buying a few to learn how to break into them.
>

Would an attacker really spend 50k+ or would he/she spend 10% of that to
break into the company building the HSM? Or even less pricey, break
'into' one or more employees?

> But seriously, this is not a beginner's game. If you want to
> keep out a low-resource attacker, just get a safe, drill some
> holes for the cables, add an arduino or compatible with light,
> vibration and orientation sensors and make it protect the
> passphrase and pull the plug if it finds something fishy.
> Attachment to computer via serial or USB as HID is fine.
>
> Arno
> --
> Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@xxxxxxxxxxx
> GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
> ----
> A good decision is based on knowledge and not on numbers. -- Plato
>
> If it's in the news, don't worry about it.  The very definition of
> "news" is "something that hardly ever happens." -- Bruce Schneier
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@xxxxxxxx
> http://www.saout.de/mailman/listinfo/dm-crypt
>

Regards

-Sven

