[Noisebridge-discuss] FST01 FLOSS USB Crypto Key, get one from me and help FLOSS

Fri Mar 22 07:41:48 UTC 2013

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear nosebridgers,

Following the tradition of exploring and hacking cryptographic tools and
related security content, that our graceful community adores. I want to support
and help a Free Software project that the graceful people of
http://www.fsij.org/wiki/FreeSoftwareInitiativeofJapan give us. The author
gniibe <http://www.gniibe.org/> is a hacker in Japan, he develops Gnuk
<http://www.fsij.org/gnuk/> and NeuG
<http://www.gniibe.org/memo/development/gnuk/rng/neug>.
Here you can find KiCAD sketches, and source code for GnuK and NeuG:
https://gitorious.org/gnuk

This two projects work with these device:

http://www.seeedstudio.com/depot/fst01-with-white-enclosure-p-1279.html?cPath=132_137
IF YOU ARE QUICKLY BROWSING, I'M BUYING THESE CRYPTO USB KEY IN A BATCH^^^
GET ONE FROM ME^^^

I'm ordering around 7 usb keys, please let me know if you want one, it will be
helpful if I can get more FST01 ordered. I will be ordering them by Monday or Tuesday.

What is GnuK? 

Welp, fellow hacker, GnuK is a USB Cryptographic Token by Free Software which conforms to OpenPGPcard 2.0 protocol
To know more about it, read the following docs: http://www.fsij.org/doc-gnuk/
Pretty straight forward Sphinx docus, IMHO.

GnuK incorporates parts of NeuG, for instance, the RNG, and more.

You can reflash FST01 only to work with NeuG as a RNG. docus see links above.

If you only want to use GnuK, GnuK is not only closed to the FST01.
Hardware requirement for Gnuk is the micro controller STM32F103. In version
1.0, Gnuk supports following boards:

  FST-01 (Flying Stone Tiny ZERO-ONE)
  Olimex STM32-H103
  CQ STARM
  STBee
  STBee Mini
  STM32 part of STM8S Discovery Kit

Welp, I know you're going to ask, but what about attack as in xxxxx?
The following answers from the author can express answers to such concerns:
http://no-passwd.net/askbot/question/33/how-safe-is-gnuk-against-side-channel-attacks-usb/#42
http://no-passwd.net/askbot/question/3/what-if-i-lose-my-fst-01-with-my-private-key-on-it/#8

My fellow friend & hacker,  Felipe R. Murillo gpg:59DEC514, introduced me to
GnuK and the FST01. I immediately became intrigue, and it brought back
that hope I had lost on projects that tie in software/hardware for a real
functional need. Felipe, told me that Seth David Schoen <schoen at eff.org> owns a
FST01, so I mailed him (and ask for his permission for me to quote him on the
device). I will add the part of his reply on the security risks, at the end of
this mail after my mail signature.

So now to the motivational part. This a great project, and its a start on the
open hardware on crypto devices. Instead, of negative bashing these project
(in which I don't know why one would do that), WE CAN CONTRIBUTE! We say we
love FLOSS projects, its ethos, the power it gives to the user and the
developer. Then I say, LET'S FUCKING STAND BEHIND THAT BELIEVE! Yes,
Cryptographic applications and usability, etc.. related to information security
is super fucked... But who is going to fix it? I say, US, the FLOSS users and
ongoing supporters. WE are the community.

So if you want to help, read the code, look at the schematics, mail the author.
Any feedback will make this project progress more torwards perfection. If you
know Japanase, help us translate his docus, and make everything easy for
everybody. 

IMHO, the last said, doesn't only applies to this project or hardware device.
It applies to every project that you like, and you think deserves some help.
It's more than sad, the fact that we have tons of tools for remote
contribution, and nobody is doing anything but use and don't give back. what is
stopping us? After reading this, help a project wiki, write documentation, send
a patch, pull-request, get in contact with a project's community IRC channel.

If you read all these, thanks for your time. I apologize for my bad English (SUPER ESL).
My Brit friends, don't kill me due to crimes against the written English language.

(I'm such a bad advertiser)

- - - gnusosa
Carlos Sosa
8169 8649 6995 DF85 80AD  F778 A145 52AD A100 F1A7

*After this line it is all Seth Schoen*
- - ----------------------------------------------------------------------

My intuition is that it's intrinsically safer against most threats than
a key on a hard drive would be because it adds an extra step.  This is
especially true today when so many vulnerabilities are being found in
desktop operating systems and software and there are even large,
growing, lucrative markets for secret knowledge of these vulnerabilities.
That makes it, frustratingly, much harder to trust that our desktop
computers are uncompromised.  Having a separate, simpler, smaller token
with a different architecture and code base and that's specifically
designed to keep secret key material secret is possibly very useful in
this context because it's a more difficult target than a modern desktop
OS, and because in an attack over the Internet it would require
compromising both the PC and the token in series, maybe during a very
short time window.

There are two main security concerns that I would worry about: one is
whether there are software bugs that can force the token to run malicious
code and dump its secrets, and the other is whether the low level of
physical tamper resistance would allow someone to read the key out of the
device given temporary physical access to it.  For example, imagine that
you carry a PGP key across a national border and the border agents decide
to stop you and examine your devices in order to try to recover the key.
If you had the key on a computer hard drive with full-disk encryption and
the computer was powered off, they'd probably have a hard time cracking
it, but if they got the token and examined it, it might be easier: I
don't think Niibe has put a huge amount of work into physical
tamper-resistance.

There are also more expensive classic attacks against hardware tokens
such as emanations and power attacks.

https://en.wikipedia.org/wiki/Side_channel_attack

I'm not sure how much work Niibe has done to mitigate all of the known
side-channel attacks.  It seems to me that he has a lot of great
expertise about embedded systems design, but I didn't talk to him in
detail about these attacks or his threat model, and I haven't yet seen
analysis of these things from him.  Even some devices that were very
competently designed in other ways are vulnerable to some side-channel
problems, so I think it would be worth understanding.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)

iQGwBAEBAgAGBQJRS/ltAAoJEKFFUq2hAPGnSJcMoNycAAPGwN4zgNTklROyvMQY
QecRHSryKrrAQExoXNfzjTNTUXPlOc+P8dj8Ecpxl4Vo73TftiCMpkRy/aeVPMtY
DxERUSpGn78N6QlyHCMoUaw0FfSaBTzGQyCnxwnpkpQR/XVqQ8RkML09+hITRTA4
nEZ1lEWV6ei7WJL8mhFDN1e+fSKq+yD8jSrmCRiOEj0Ij42fnNB6ihh/m3NUe2OP
qZDdWPm2q41DA8p2OvPCDUqErCeL0VwGlO8ddt1t/nou5Aj+/iAorJzqZc8eO+RM
t7j9G9XSjXvVcoJ9eNJT4sukyng6BRXqAPhW2AvdIrKyDJT5/WKcrNHuuab9+iIQ
LzE/Dwep9KfWdeOINhdri71cGNu/QyfkBy9VCURAlHuSsgx+vQhAKpgFdADNMTG1
7zlcvgw/4adCvm91EgIfREEAm/abSb1QV4BQ9qHI9WrM6xAIwJGLyUgRjGJ00kEd
NkJofC9lGfydOszoajte9/BnAJEPa6Wp3I1Has7orPbiUCu9lfudcG8pbY2HscwA
BcLR
=Z7Eb
-----END PGP SIGNATURE-----