On Fri, Jan 28, 2011 at 04:05:38PM +0000, Peter Gutmann wrote:

[Disclaimer: I work for Simtec and worked on the Entropy Key]

> Does anyone know more about the hardware they're using to communicate via USB?
> If it's something like a standard PL2303 it shouldn't be too hard to talk to
> on systems other than the few Linux ones they support

The USB device in question is the microcontroller which also does all of the crypto and entropy analysis on the streams. This is so that it isn't possible to interface to the data stream before it is encrypted and to ensure that you cannot substitute another data stream in the device easily.

> the only problem will be the complex protocol they use, which uses MAC'd
> packets implementing a custom comms protocol instead of just opening a serial
> port and reading the output, definitely not a good design decision because it
> limits use to systems running their (from the webpage) not very stable
> drivers.

Note that, as the webpage explains, the device is a USB CDC device providing an asynchronous serial port. We chose this particular method of delivering the data stream because it was well supported in most UNIX systems, along with Mac OS X and Windows, without the need to write kernel drivers which would cause more concern among the target market.

The issue with driver stability was limited to a particular set of Linux kernels, which two years ago were prevalent, but are now becoming less common. Indeed the driver issue was purely related to the Linux TTY layer which has had numerous issues in the past.

The custom protocol which is implemented on top of the serial stream is entirely there to ensure various security measures. It is not possible (without the shared keys) to pretend to be a valid device and provide known data to the ekeyd for inclusion into the kernel. It is not possible to record the USB data stream and then (without the shared keys) work out what data was actually passed to the kernel. Also, the MACs allow us to be certain no packets got tampered with or corrupted en-route.

Regards,

Daniel.
-- 
Daniel Silverstone                          http://www.digital-scurf.org/
PGP mail accepted and encouraged.           Key Id: 3CCE BABE 206C 3B69
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
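The three properties Daniel lists (no forging a device without the shared key, no recovering the entropy from a captured USB/serial trace, and detection of tampered or corrupted packets) are exactly what an encrypt-then-MAC framing with a shared key and a sequence number gives you. The following is an added illustration of that design and is not the Entropy Key's actual wire protocol or any code from Simtec or ekeyd: the frame layout, the HMAC-SHA256-in-counter-mode stream cipher, the key labels and the class names are all assumptions made here to show the principle with nothing but the Python standard library.

```python
"""Encrypt-then-MAC framing for an entropy stream over a serial link.

Added illustrative example, not the Entropy Key's real protocol.  Device and
host daemon share one secret; every frame carries a strictly increasing
sequence number, the entropy block XORed with a key stream derived from
that secret and the sequence number, and an HMAC-SHA256 tag over the whole
frame.  Without the secret an attacker can neither forge an acceptable
frame nor recover the entropy from a captured trace; a flipped bit or a
replayed frame is rejected by the host.
"""
import hashlib
import hmac
import os
import struct

TAG_LEN = 32
HDR = struct.Struct(">IH")  # sequence number (32-bit), payload length (16-bit)


def derive_subkeys(shared_key: bytes):
    """Split the one shared secret into separate encryption and MAC keys
    (HMAC used as a PRF with fixed, assumed labels)."""
    enc = hmac.new(shared_key, b"entropy-link enc", hashlib.sha256).digest()
    mac = hmac.new(shared_key, b"entropy-link mac", hashlib.sha256).digest()
    return enc, mac


def keystream(enc_key: bytes, seq: int, n: int) -> bytes:
    """HMAC-SHA256 in counter mode.  The sequence number is the nonce, so it
    must never repeat under the same key; the device enforces that."""
    out = b""
    block = 0
    while len(out) < n:
        out += hmac.new(enc_key, struct.pack(">IQ", seq, block), hashlib.sha256).digest()
        block += 1
    return out[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Device:
    """The microcontroller side: encrypt, then MAC, every entropy block."""

    def __init__(self, shared_key: bytes):
        self.enc_key, self.mac_key = derive_subkeys(shared_key)
        self.seq = 0

    def emit(self, entropy: bytes) -> bytes:
        self.seq += 1
        header = HDR.pack(self.seq, len(entropy))
        ct = xor(entropy, keystream(self.enc_key, self.seq, len(entropy)))
        tag = hmac.new(self.mac_key, header + ct, hashlib.sha256).digest()
        return header + ct + tag


class HostDaemon:
    """The ekeyd-like side: returns the entropy block, or None for a frame
    that is truncated, forged, tampered with, or replayed."""

    def __init__(self, shared_key: bytes):
        self.enc_key, self.mac_key = derive_subkeys(shared_key)
        self.last_seq = 0

    def receive(self, frame: bytes):
        if len(frame) < HDR.size + TAG_LEN:
            return None
        header, rest = frame[:HDR.size], frame[HDR.size:]
        seq, n = HDR.unpack(header)
        ct, tag = rest[:-TAG_LEN], rest[-TAG_LEN:]
        if len(ct) != n:
            return None
        expected = hmac.new(self.mac_key, header + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return None
        if seq <= self.last_seq:  # replayed or reordered frame
            return None
        self.last_seq = seq
        return xor(ct, keystream(self.enc_key, seq, n))


if __name__ == "__main__":
    shared = os.urandom(32)  # constructed for the demo; real keys are provisioned
    dev, host = Device(shared), HostDaemon(shared)
    block = os.urandom(32)
    frame = dev.emit(block)
    print("good frame accepted:", host.receive(frame) == block)
    print("replay rejected:    ", host.receive(frame) is None)
    print("forgery rejected:   ", host.receive(Device(os.urandom(32)).emit(block)) is None)
```

Note that the MAC is checked before the sequence number is consulted and before anything is decrypted, so a corrupted or forged frame cannot move the host's replay window, and the host never feeds unauthenticated bytes to the kernel. Real deployments would also need key provisioning, a rekey path before the 32-bit counter wraps, and a resynchronisation rule for frames lost on the serial line, none of which this sketch covers.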
