[ExI] Revealed: how Microsoft handed the NSA access to encrypted messages

Wed Jul 17 13:18:06 UTC 2013

On Wed, Jul 17, 2013 at 02:02:09PM +0100, BillK wrote:
> On Wed, Jul 17, 2013 at 1:22 PM, Eugen Leitl  wrote:
> > I'm sorry, Raspberry Pi is not an open system. As far as I know
> > there is no open source hardware on the market, so you would
> > be limited to soft CPU DIY from http://opencores.org/projects
> >
> > Of course, you'd need the open source equivalent of seL4 and
> > a fully hardened, sandboxed application stack. I'm afraid you're
> > a bit SoL here.
> > We're making progress, but we're not nearly there yet.
> >
> 
> 
> I don't see any open source chip fabs appearing ever.....

You can load the soft cores into FPGA but also submit your
VHDL to a normal fab and verify it optically via representative
sampling.

> I was comparing the Raspberry Pi with an Intel quad-core pc running Windows.
> The Pi is far more secure.

Depends on your threat model.

> I am well aware that if the NSA, etc. make you a target then there are
> ways around every protection measure you might take. 99% of the
> population don't even care. All we can do is make life a bit more
> difficult for the NSA, preferably using measures that don't attract
> their attention. This is even more interesting if they waste time on
> your pc and you have nothing on your computer to hide anyway.

I agree. It's a good DoS.

> As a general point it is worth pointing out that if security is your
> main concern, then you don't want to run the latest greatest CPU with
> the fastest internet connection you can buy and then worry about
> trying to make it secure.

There are advantages in keeping an archive of old hardware, but
it's less capable in general, and not an option for many.

> For greatervsecurity on an internet connected pc you need an old
> processor with the minimum of memory, on the edge of useability, with
> a slow internet connection. Even just dial-up. This means that if any
> strange new process runs there is an immediate noticeable performance
> hit.

You don't see something which runs directly in the NIC, or your
router.

> I have had powerful quad-core pcs brought to me with complaints about
> slow running, that were infested with viruses and adware so that the
> pc was almost at a standstill before the user noticed any problem
> worth bothering about.

Performance degradation is not a good metric. 

> So for security I would use an old slow pc which complains when
> anything new starts up. This means that any attack software has to
> have a very light footprint on cpu, memory, disk and connection usage.
> 
> Of course, on its own this doesn't guarantee security, (nothing does),
> but it helps.

I agree that layered security is advantageous. 
Enough layers of paper will stop bullets.