4b00 Ideas Scratchpad - Telecomix Crypto Munitions Bureau

Ideas Scratchpad

From Telecomix Crypto Munitions Bureau

Jump to: navigation, search

Add your ideas to the bottom of the page :D<3


[edit] General ideas

Are we doing this, or should we cancel these projects?

[edit] Hardware Opensource Cryptochip

  • To compete with the Trusted Platform Module, by providing 'user override' control. Giving organizations, and business more control over their own computers.
  • To be compatible with I2P, and help ensure that a I2p node is cryptographically secure.
  • To be open source, to ensure that security is not relied though a false sense of 'security by obscurity'

[edit] Possible implementation

  • FPGA
  • AVR microprocessor
  • A silicon chip factory (by a company willing to sell these chips)

[edit]  ??!

  • This TPM-project is likely outside the scope of possible projects as we do not have that type of resources (or am i wrong?)
  • It is not clear if such a chip would actually be able to protect anything, as it would be a DIY-chip. If you have created your own circuit and feeds it with the endorsement keys (EKs) of a common and trusted peer, nothing will stop you from also having built in a backdoor into your own hardware. Thus, the chip would likely not be able to do any remote attestation to prove the integrity of the software running on the computer. The only likely field of application for the circuit would be for a cluster of computers that are all owned by the same person (like companies are using TPM today). Questions like these needs to be researched!
    • Well if its an FPGA type of TPM, won't it be pretty secure, and yet still 'reviewable'? Also the aim of this open source chip, is not 'remote attestation', but to ensure that what you 'own' is controlled by you, not anybody else.
  • Suggestion: Encrypt your partitions and use SSH for logging into them when rebooting them, instead of using anything like a TPM-chip. However, if we find a secure cryptoprocessor that lets the owner replace all the keys it could be used to secure svartkast against computer forensics. It is likely easier and safer to just not enter any personal data into the svartkast though (allow telnet logins over I2P/TOR).

[edit] Telecomix Ciphersystem MARK II

Everything moved to Telecomix Ciphersystem MARK II

[edit] Disposable Instant Messaging and Asynchronous Messaging

  • Cryptocat is open-source, encrypted instant messaging. No sign-up required
  • If we can have disposable email, why not Instant Messaging as well?
  • You go to the site and ask for a master link, it will give you a randomly generated link with an optional password (sent via POST, or typed up). You can either leave it on, to use it instant messaging feature, or check it every now and then with its Asynchronous Messaging board.
  • You give out the guest link to the web or directly to a unknown person, the guest then is asked if they want to just post a message or actually want to conduct a correspondence. If they want to stay in touch, then they have two options... they can do it via email, or they can generate convoIDed link and bookmark it (and optionally stay in contact via email).
  • Crypo-js library plus userscript plus any public service.
Personal tools