Re: [cryptography] OneRNG kickstarter project looking for donations
On 15 December 2014 at 19:18, ianG i...@iang.org wrote: https://www.kickstarter.com/projects/moonbaseotago/onerng-an-open-source-entropy-generator About this project After Edward Snowden's recent revelations about how compromised our internet security has become some people have worried about whether the hardware we're using is compromised - is it? We honestly don't know, but like a lot of people we're worried about our privacy and security. What we do know is that the NSA has corrupted some of the random number generators in the OpenSSL software we all use to access the internet, and has paid some large crypto vendors millions of dollars to make their software less secure. Some people say that they also intercept hardware during shipping to install spyware. I don't really get the relevance to OpenSSL - Dual EC DRBG was vulnerable regardless of the entropy source. And, as already mentioned, not actually vulnerable in OpenSSL anyway. We believe it's time we took back ownership of the hardware we use day to day. This project is one small attempt to do that - OneRNG is an entropy generator, it makes long strings of random bits from two independent noise sources that can be used to seed your operating system's random number generator. This information is then used to create the secret keys you use when you access web sites, or use cryptography systems like SSH and PGP. Openness is important, we're open sourcing our hardware design and our firmware, our board is even designed with a removable RF noise shield (a 'tin foil hat') so that you can check to make sure that the circuits that are inside are exactly the same as the circuits we build and sell. In order to make sure that our boards cannot be compromised during shipping we make sure that the internal firmware load is signed and cannot be spoofed. I am curious if there's any evidence that avalanche diodes and Zigbee receivers are immune to outside influence (one would've thought not in the case of the receiver, at least, which is designed to be influenced by the outside)? ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] OneRNG kickstarter project looking for donations
why is that onerng better than http://www.seeedstudio.com/wiki/FST-01 ? why not fund something actually new ? On Tue, Dec 16, 2014 at 10:23 AM, Ben Laurie b...@links.org wrote: On 15 December 2014 at 19:18, ianG i...@iang.org wrote: https://www.kickstarter.com/projects/moonbaseotago/onerng-an-open-source-entropy-generator About this project After Edward Snowden's recent revelations about how compromised our internet security has become some people have worried about whether the hardware we're using is compromised - is it? We honestly don't know, but like a lot of people we're worried about our privacy and security. What we do know is that the NSA has corrupted some of the random number generators in the OpenSSL software we all use to access the internet, and has paid some large crypto vendors millions of dollars to make their software less secure. Some people say that they also intercept hardware during shipping to install spyware. I don't really get the relevance to OpenSSL - Dual EC DRBG was vulnerable regardless of the entropy source. And, as already mentioned, not actually vulnerable in OpenSSL anyway. We believe it's time we took back ownership of the hardware we use day to day. This project is one small attempt to do that - OneRNG is an entropy generator, it makes long strings of random bits from two independent noise sources that can be used to seed your operating system's random number generator. This information is then used to create the secret keys you use when you access web sites, or use cryptography systems like SSH and PGP. Openness is important, we're open sourcing our hardware design and our firmware, our board is even designed with a removable RF noise shield (a 'tin foil hat') so that you can check to make sure that the circuits that are inside are exactly the same as the circuits we build and sell. In order to make sure that our boards cannot be compromised during shipping we make sure that the internal firmware load is signed and cannot be spoofed. I am curious if there's any evidence that avalanche diodes and Zigbee receivers are immune to outside influence (one would've thought not in the case of the receiver, at least, which is designed to be influenced by the outside)? ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] OneRNG kickstarter project looking for donations
Francisco, Sorry for resend, used wrong alias for the ML... On Tue, Dec 16, 2014 at 11:06:01AM +, Francisco Guerreiro wrote: why is that onerng better than http://www.seeedstudio.com/wiki/FST-01 ? why not fund something actually new ? A good friend of mine often says Filesystems should *not* be new and exciting. I believe the same holds for crypto and random number generation. In both cases, the job the code/hw is entrusted with is too critical for unproven methods. Of course, there's then the chicken/egg problem of how do the new methods become the trusted methods 5 to 10 years from now? thx, Jason. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] OneRNG kickstarter project looking for donations
On 12/16/2014 6:06 AM, Francisco Guerreiro wrote: why is that onerng better than http://www.seeedstudio.com/wiki/FST-01 ? why not fund something actually new ? On Tue, Dec 16, 2014 at 10:23 AM, Ben Laurie b...@links.org mailto:b...@links.org wrote: On 15 December 2014 at 19:18, ianG i...@iang.org mailto:i...@iang.org wrote: https://www.kickstarter.com/projects/moonbaseotago/onerng-an-open-source-entropy-generator About this project After Edward Snowden's recent revelations about how compromised our internet security has become some people have worried about whether the hardware we're using is compromised - is it? We honestly don't know, but like a lot of people we're worried about our privacy and security. What we do know is that the NSA has corrupted some of the random number generators in the OpenSSL software we all use to access the internet, and has paid some large crypto vendors millions of dollars to make their software less secure. Some people say that they also intercept hardware during shipping to install spyware. I don't really get the relevance to OpenSSL - Dual EC DRBG was vulnerable regardless of the entropy source. And, as already mentioned, not actually vulnerable in OpenSSL anyway. We believe it's time we took back ownership of the hardware we use day to day. This project is one small attempt to do that - OneRNG is an entropy generator, it makes long strings of random bits from two independent noise sources that can be used to seed your operating system's random number generator. This information is then used to create the secret keys you use when you access web sites, or use cryptography systems like SSH and PGP. Openness is important, we're open sourcing our hardware design and our firmware, our board is even designed with a removable RF noise shield (a 'tin foil hat') so that you can check to make sure that the circuits that are inside are exactly the same as the circuits we build and sell. In order to make sure that our boards cannot be compromised during shipping we make sure that the internal firmware load is signed and cannot be spoofed. I am curious if there's any evidence that avalanche diodes and Zigbee receivers are immune to outside influence (one would've thought not in the case of the receiver, at least, which is designed to be influenced by the outside)? ___ cryptography mailing list cryptography@randombit.net mailto:cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography Nuk isn't very flexible. So the product is original. -- Kevin --- This email is free from viruses and malware because avast! Antivirus protection is active. http://www.avast.com ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] [Cryptography] OneRNG kickstarter project looking for donations
Surprisingly, the OneRNG project is already half way to the goal of $10k NZD after only a week. https://www.kickstarter.com/projects/moonbaseotago/onerng-an-open-source-entropy-generator One reason I really like this project is that it is hopefully totally open. If we can seed the world with open hardware designs, we can have a chance of leaking this project into all sorts of other things like home routers, IoT things, Bitcoin hardware wallets etc. iang On 15/12/2014 19:18 pm, ianG wrote: After Edward Snowden's recent revelations about how compromised our internet security has become some people have worried about whether the hardware we're using is compromised - is it? We honestly don't know, but like a lot of people we're worried about our privacy and security. What we do know is that the NSA has corrupted some of the random number generators in the OpenSSL software we all use to access the internet, and has paid some large crypto vendors millions of dollars to make their software less secure. Some people say that they also intercept hardware during shipping to install spyware. We believe it's time we took back ownership of the hardware we use day to day. This project is one small attempt to do that - OneRNG is an entropy generator, it makes long strings of random bits from two independent noise sources that can be used to seed your operating system's random number generator. This information is then used to create the secret keys you use when you access web sites, or use cryptography systems like SSH and PGP. Openness is important, we're open sourcing our hardware design and our firmware, our board is even designed with a removable RF noise shield (a 'tin foil hat') so that you can check to make sure that the circuits that are inside are exactly the same as the circuits we build and sell. In order to make sure that our boards cannot be compromised during shipping we make sure that the internal firmware load is signed and cannot be spoofed. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] [Cryptography] OneRNG kickstarter project looking for donations
are they making a fully open-source SoC? no. so forget about open hardware if that only means open-everything-except-the-SoC-and-a-few-other-stuff-that-has-binary-blobs-in-it ;) On Tue, Dec 16, 2014 at 4:39 PM, ianG i...@iang.org wrote: Surprisingly, the OneRNG project is already half way to the goal of $10k NZD after only a week. https://www.kickstarter.com/projects/moonbaseotago/onerng- an-open-source-entropy-generator One reason I really like this project is that it is hopefully totally open. If we can seed the world with open hardware designs, we can have a chance of leaking this project into all sorts of other things like home routers, IoT things, Bitcoin hardware wallets etc. iang On 15/12/2014 19:18 pm, ianG wrote: After Edward Snowden's recent revelations about how compromised our internet security has become some people have worried about whether the hardware we're using is compromised - is it? We honestly don't know, but like a lot of people we're worried about our privacy and security. What we do know is that the NSA has corrupted some of the random number generators in the OpenSSL software we all use to access the internet, and has paid some large crypto vendors millions of dollars to make their software less secure. Some people say that they also intercept hardware during shipping to install spyware. We believe it's time we took back ownership of the hardware we use day to day. This project is one small attempt to do that - OneRNG is an entropy generator, it makes long strings of random bits from two independent noise sources that can be used to seed your operating system's random number generator. This information is then used to create the secret keys you use when you access web sites, or use cryptography systems like SSH and PGP. Openness is important, we're open sourcing our hardware design and our firmware, our board is even designed with a removable RF noise shield (a 'tin foil hat') so that you can check to make sure that the circuits that are inside are exactly the same as the circuits we build and sell. In order to make sure that our boards cannot be compromised during shipping we make sure that the internal firmware load is signed and cannot be spoofed. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
