[Gnuk-users] FST-01 is going to be non-reproducible any more
NdK
ndk.clanbo at gmail.com
Sun Jan 10 15:48:22 UTC 2016
Il 10/01/2016 12:44, Yuji -UG- Imai ha scritto:
> - Javacard-like environment, to be able to develop applets (openPGP
> could be just one applet), even if single-applet-only
> I don't know gniibe think about it but I like FST-01 because I feel the
> policy
> keeping it design simple. It must be good being reproducible, easy to check
> soundness of design.
Well, this being a sw-only issue, could be addressed later, even by others.
> There already exist openPGP compatible applets on top of Java card.
I know. I even started extending one (see MyPgpID project). Too bad SCs
lack the flexibility I'd need to implement all the features.
> With same reason, I like the way gniibe is going to focus on ed25519
> stopping RSA features.
Is that wise, now that ECC is "discouraged" by NIST and quantum
computers seems on the horizon (Google already bought a 1000qubit one...
and IIUC that could easily crack ed25519!).
That's why I abandoned curve25519 for my OpenAlarm nodes. Now I'm trying
to "port" NTRU (GPL version).
> - small (1.8") oled display and a couple of keys (ok/cancel), useable
> from applets
> I like it.
> But I have no good idea how we can find long-supported display device.
As long as I2C interface is exposed, the rest at most requires a FW
change. But the 128x64 OLED displays I could find on Aliexpress all seem
to have the same pinout.
> Key and SW look OK. :)
They're really standard :)
> Once I considered to make other device using micro SD I/F. I gave up
> the plan because it is necessary to sign contract of SD card assocoation.
> I'm afraid it make open source hardware difficult to support SD mechanism
> in concern with intelectual property issue.
Other OSHW projects use it. IIUC, you don't need to sign anything for
the "non secure" protocol (iow as long as you use it as plain storage).
It's plain SPI protocol...
> That is a exactly same way how "I" connect my FST-01 to my laptop. It works
> excellent!
> However I didn't recommed my friends. Gniibe noticed, current FST-01 was
> not design supporting with such extensions. There may be risk of side channel
> attack. I have read such notes somewhere in the document of FST-01, but now I
> can't remember where.
Well, if you are a target worth using TEMPEST attacks, then it's better
to use more "rugged" HW! I'm really not convinced that smartcards (with
their single-ended serial interface, with sharp signal edges) are better
on this side (USB uses differential signalling with slew rate control,
iirc, and that greatly limits emissions). Maybe it could be useful to
add a simple LC filter on the extension cable end to filter power lines,
if that's your concern.
What about a "magjack-like" connector? if it gets stressed too much, it
just disconnects.
BYtE,
Diego
More information about the gnuk-users
mailing list