[Gnuk-users] Security of NeuG?
NIIBE Yutaka
gniibe at fsij.org
Thu Feb 19 11:47:42 UTC 2015
Hello, Jonathan,
On 02/19/2015 12:25 AM, Jonathan McDowell wrote:
> My recollection about the justification for encrypting and pairing the
> Entropy Key data is that it's fairly easily to MiTM a USB connection,
> especially one with such a basic protocol. If the device is plugged into
> an external port on the machine rather than secured inside the case it
> gets even easier.
Thanks for the point.
I understood this possibility. Let me clarify my thought.
My point is that it is not needed to encrypt on the device side, even
if the USB communication could be tapped.
The exact random bytes is not needed for host PC. If someone cares
possible attack of wire tapping, I think that it would be OK just
adding some filter.
[SECRET]
| /------\
| | |
V V |
[USB Device] -- random byte --> <Secure Keyed Hash> --/
|
another random stream
|
V
[KERNEL]
Administrator could replace the SECRET periodically.
People can use NeuG standalone device in this way.
--
More information about the gnuk-users
mailing list