Re: wanted: educate us please on key dongles

To: Marc Haber <mh+debian-project@zugschlus.de>
Cc: debian-project@lists.debian.org
Subject: Re: wanted: educate us please on key dongles
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Wed, 30 Aug 2017 12:10:34 +0100
Message-id: <[🔎] 22950.40234.697520.29232@chiark.greenend.org.uk>
In-reply-to: <[🔎] 20170830105053.wvc5l3wr3uywqqf6@torres.zugschlus.de>
References: <[🔎] 20170802201629.orujsvrudooie7iy@angband.pl> <[🔎] 20170811124139.GL5972@earth.li> <[🔎] 20170829173435.6o2lgpktw2wglskk@torres.zugschlus.de> <[🔎] 20170830090938.2clqyis4svus2qp4@earth.li> <[🔎] 20170830101733.qfiulxq7gx4ctptt@torres.zugschlus.de> <[🔎] 20170830104213.qi3wxcgw6jobpilg@angband.pl> <[🔎] 20170830105053.wvc5l3wr3uywqqf6@torres.zugschlus.de>

Marc Haber writes ("Re: wanted: educate us please on key dongles"):
> That's a point, but I cannot validate whether the free hardware
> design running the free software crypto app isn't backdoored anyway due
> to lack of knowledge and expertise.

You don't need to be able to validate it personally.  The thing spooks
most hate is discovery.  Backdooring supposedly-free hardware is
harder (more costly) because it comes with greater risk of discovery.

To put it concretely: if they backdoor all of them, someone (not
necessarily you) might notice.  (Backdooring only yours involves
messing with the shipping arrangements and so on, and supposes that
you specifically are of interest.)

That's not to say it's perfect (nothing is, in security).  But
supposedly-free hardware is easier for anyone else to validate and/or
audit, and by that measure is less likely to be compromised.

How far down the paranoia road you want to go is up to you, but buying
an open hardware / libre firmware security device, rather than a
proprietary one, has relatively few downsides (esp. compared to other
things you might do to reduce your risks).

Also of course buying a libre device has other wider benefits.

Ian.

Reply to:

Follow-Ups:
- Re: wanted: educate us please on key dongles
  - From: Marc Haber <mh+debian-project@zugschlus.de>

References:
- wanted: educate us please on key dongles
  - From: Adam Borowski <kilobyte@angband.pl>
- Re: wanted: educate us please on key dongles
  - From: Jonathan McDowell <noodles@earth.li>
- Re: wanted: educate us please on key dongles
  - From: Marc Haber <mh+debian-project@zugschlus.de>
- Re: wanted: educate us please on key dongles
  - From: Jonathan McDowell <noodles@earth.li>
- Re: wanted: educate us please on key dongles
  - From: Marc Haber <mh+debian-project@zugschlus.de>
- Re: wanted: educate us please on key dongles
  - From: Adam Borowski <kilobyte@angband.pl>
- Re: wanted: educate us please on key dongles
  - From: Marc Haber <mh+debian-project@zugschlus.de>

Prev by Date: Re: wanted: educate us please on key dongles
Next by Date: Re: wanted: educate us please on key dongles
Previous by thread: Re: wanted: educate us please on key dongles
Next by thread: Re: wanted: educate us please on key dongles
Index(es):
- Date
- Thread