[onerng talk] amusing for USB RNGs :)

Jim Cheetham jim at gonzul.net
Sat Aug 2 09:26:24 BST 2014


On Sat, Aug 2, 2014 at 8:03 PM, Paul Campbell <paul at taniwha.com> wrote:

> On Sat, 02 Aug 2014 08:47:08 ianG wrote:
> > On that thread, over on the Crypto list it was suggested that we could
> > make a pass-thru USB adaptor that would prevent the rewriting capability.
> >
> > Is that possible? If so, could it be merged with the OneRNG design?
>
> ...

> We could create a "pass thru" device, essentially a bridge that hides
> everything but storage interfaces - OneRNG is probably not the guy to do
> it,
> I'm more in favour of doing one thing well - a "USB firewall" device
> should be
> something different
>

My take is that USB devices need to be able to offer a way to validate
their firmware, sadly over the USB interface.

OneRNG's approach is to show you the hardware in use, so that you can be
sure there's only 256KB of firmware available, then to dump that firmware
back out to you so you can checksum is (plus the 'uncompressible' signature
to make sure we're not being substituted by an attacker).

Paul, does that firmware constitute the complete USB stack, or is there
some other chip in use?

-jim
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ourshack.com/pipermail/discuss/attachments/20140802/fe08e42d/attachment.html>


More information about the Discuss mailing list