On Thu, Jan 27, 2011 at 06:49:23PM +0000, Rayservers wrote: [Disclaimer: I work for Simtec and worked on the Entropy Key]
> I had posted about these on this list earlier. I have had 10 of them > purchased. > They are waiting for analysis. If anyone on this list has the time and > expertise > (both hardware and software), they can have one sent gratis for a full > analysis > report to this list. If you carry out a full destructive analysis [the innards > are epoxied], a replacement will be sent. If such an analysis is done, we would be very interested in seeing the results such that we can improve the product if necessary. > The web site mentioned that the on board processor running closed source does > entropy checks before transmitting the data via a secure channel over USB to > the > open source driver on Linux. Obviously I am concerned about the closed source > on > the micro. While the software running on the micro is indeed closed (it's where a lot of our development effort went) it's not like you could verify that what we told you was on the micro was indeed on it, since the device is epoxied (for your security, not ours) and thus you can't change the software on it anyway. We are being as open and honest about the device as we can, since we understand the need for transparency where possible. I have spoken with the boss and he is prepared to allow me to offer to provide an Entropy Key unboxed, unepoxied (and thus not run through our full test suite) as a special developer bare-board option. We could ensure that the production software is written to the device so that you can verify the board is operating to spec. Then we can provide a toolchain and example firmware which demonstrates how to provide a USB serial connection from the micro, how to power up the generators and an example of reading the random values and writing them to the USB serial port. This would allow an interested party to write their own firmware if they do not trust ours. However, since this would be a special order, there would be delays and potentially costs involved over and above the retail package, due to the lack of economies of scale. Regards, Daniel. -- Daniel Silverstone http://www.digital-scurf.org/ PGP mail accepted and encouraged. Key Id: 3CCE BABE 206C 3B69 _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
