[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: More comments on dongles

> I still disagree. Even if all the crypto operations were done in the
> dongle, it wouldn't be a "turnkey" device that could operate totally

Maybe not "totally" (there are no absolutes) but if well designed, it 
could come VERY close.

> automatically.  You'd still need a way for your host computer to turn
> it off and on, to select a public key for encryption or signature ...
> ...  I.e., you'd have to run special driver software on the host anyway.

The way I envision it, the host must NOT have the ability to turn it on
or off or do any of the other things you mentioned.  The assumption is
that you DON't trust the host.

All these commands to the dongle will be given through the keypad
and/or commands you type in from the terminal.

So if the host does not even need to know the dongle exists, it is
automatically independent of what type of computer, operating system,
communications program or terminal you are using.

> process. If I want to decrypt a file, I'd send the dongle the IDEA (or
> DES) key that had been encrypted with my public key. Once the dongle
> responds with the decrypted IDEA key, I can perform the actual IDEA
> decryption on my host computer with no further dongle interaction.

Again, you are trusting the host.  What if the decryption program on 
the host has been modified to quietly write the plaintext to a hidden 

> speed, not the speed of the port that's talking to the dongle.

Once the host decrypts the file (at a high speed, as you say), you want
to view the file, right?  That means the plaintext is transmitted from
the host to you.  Anywhere in the link (which could be a simple RS-232
connection, or a chain of network links, modem connections, etc.,
someone may be watching.  With my design, the decryption takes place at
the very last step, just before showing up on your screen.

> A palmtop ... would make a good platform for a prototype dongle.
> Most have serial ports (standard or optional)

I have thought of that too.  I would need one with two serial ports
though.  If you know of a good, cheap (can something have these two
properties simultaneously? :-) notebook computer with (option of?) two
serial ports, please let me know.

> Since it is a sensitive step, RSA key generation could also be done on
> the palmtop (although it would probably take hours) or it could be

Since that is not something you do every day, I think you can tolerate
it taking a while.  How long it takes also depends on how much security
you want (i.e. key length)

> main reason for using the dongle is to limit the trust you have to
> place in a borrowed PC (as opposed to protecting against your own home

That is just one of the reasons.  The others are convenience, lack of
trust in the host or the network, use of a terminal (which can't run any
software locally), use of various computers/terminals (at home, at work,
any other place you happen to be) use of an environment for which no PGP
implementation exists or on which you do not have the access to install 
any software, and I'm sure you (any of you) can think of other reasons
if you take some time.

Yanek Martinson    mthvax.cs.miami.edu!safe0!yanek     uunet!medexam!yanek
this address preferred -->> [email protected] <<-- this address preferred
Phone (305) 765-6300 daytime   FAX: (305) 765-6708  1321 N 65 Way/Hollywood
      (305) 963-1931 evenings       (305) 981-9812  Florida, 33024-5819