We do not have any assurance that our basic tools are not compromised.
At the base, is the compiler. The fear was first formally expressed in Ken Thompson's 1984 Turing Award Lecture Reflections on Trusting Trust.
David A …
The Cryptech project is using Avalanche Noise as a physical entropy source connected to the FPGA.
Avalanche breakdown is a physical process that occurs when current is forced backwards through a diode until it cannot hold back anymore. The diode will then begin conducting for a brief time until the …
The pkcs11-proxy is a way to tunnel PKCS11 over TCP (TLS). This page explains how to build and install PKCS11 proxy on the novena. There are various forks of this on github. We're going to use the SUNET fork since it support TLS-PSK for authentication out of the box. The …
Page Under Construction
Page Under Development
| State | Component | DNSsec Signing | Let's Encrypt | Tor Consensus | Internal | Ticket |
|---|---|---|---|---|---|---|
| Done | AES / KEY WRAP | Wrap/Bkup | #17 | |||
| ECDSA p256 | secondary | Yes | ||||
| ECDSA p384 | secondary | ? | ||||
| Testing | PKCS#11 | Yes | Yes | Yes | Yes | #14 |
| Done | RSA | Yes | Yes | Yes | #16 | |
| Done | SHA-1 | Yes | ||||
| Done | SHA-256 | Yes | Yes | Yes | ||
| Done … |
Presentation at ICANN
Presentation at ICANN
"I wrote pkcs11 libraries and also have modified BIND that offloads full
RRSIG calculation (including time) to board. Clearly can use anything
other than TPM to do RSA calculations."
Side Channel attacks on hardware are hard to avoid, detect and mitigate. But this should not stop us from trying. The CrypTech platform should be developed with side channel issues in mind. This page tries to collect information about relevant side channel attacks, mitigation strategies, side channel resistant design methods …
One, if not THE key functionality in the Cryptech system is the True Random Number Generator (TRNG). We therefore need to discuss, investigate and test to find a TRNG that we and the users of Cryptech can trust and can verify to be trusted.