Leading on Josh's excellent suggestion for attaching an entropy key to an access point's spare USB port (whether TP-Link, Buffalo, or some other USB capable device), what are thoughts about using a <i>single</i> such entropy key within a mesh to improve the entire mesh's encryption strength?<br>
<br>That is, imagine a mesh which begins with no encryption (whether IBSS-RSN on the adhoc or WPA2 on the virtual APs). Now, add a single TP-Link box with the entropy key to the mesh. Next, systematically use the output of that key to regenerate the DSA hostkeys of all nodes w/in the mesh (administered via SSH sessions). Then turn on IBSS-RSN on the adhoc mesh, along with WPA2 on all nodes' virtual access points, again using the output of the entropy key. Next, have all nodes regenerate their hostkeys <i>again</i>, and the iterate so forth until an appealing degree encryption has been reached. At this point, the nodes then could mutually adhere to a regular schedule of renewing their WPA2 and RSN keys.<br>
<br>Whenever an event occurs where the mesh's security have been deemed compromised (e.g. an unknown MAC address joins the IBSS-RSN encrypted mesh), all mesh users could be alerted of this event, the mesh could switch to 'insecure' mode, and this process of renewing all keys could start from scratch.<br>
<br>Such a scheme would still have the fundamental weakness that having an "untrusted" node within the mesh at t = 0 undermines any subsequent effort at maintaining security via encryption, and really this limitation is going to be inherent to the social nature of a community mesh. However, could an automated, mesh-wide process of repeatedly renewing nodes' encryption keys using the output of a single device like the entropy key still yield a usable degree of encryption?<br>
<br><div class="gmail_quote">On Wed, Jan 23, 2013 at 8:22 AM, Josh King <span dir="ltr"><<a href="mailto:jking@chambana.net" target="_blank">jking@chambana.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Probably an Entropy Key or other RNG for stronger crypto?<br>
<br>
<a href="http://www.entropykey.co.uk/" target="_blank">http://www.entropykey.co.uk/</a><br>
<div><div class="h5"><br>
On Wed 23 Jan 2013 09:09:55 AM EST, Dan Staples wrote:<br>
> A USRP for OpenBTS! Although I doubt a router has the processing power<br>
> needed to encode voice data and the like... A HackRF would also be a<br>
> great peripheral to use once those are publicly available:<br>
> <a href="http://ossmann.blogspot.com/2012/06/introducing-hackrf.html" target="_blank">http://ossmann.blogspot.com/2012/06/introducing-hackrf.html</a>.<br>
><br>
> I currently have a router with a USB port, that I run DD-WRT on. I have<br>
> a 250GB HDD plugged into it, which I use for automated backups of a<br>
> website I run, plus a SFTP server. A USB port was a deciding factor in<br>
> the router I decided to buy...It's an ASUS WL-520GU. But I could also<br>
> see a 3G dongle as a big appeal for a USB port.<br>
><br>
> Another idea is to use a USB drive as a crypto device. Insert the USB<br>
> flash drive to unlock a keyring or some private key material. That would<br>
> be an easy way to deploy multiple routers on a network that need to use<br>
> a common encryption key(s).<br>
><br>
> Dan<br>
><br>
> On Wed 23 Jan 2013 03:46:25 AM EST, Christian Huldt wrote:<br>
>><br>
>> Ben West skrev 2013-01-22 22:15:<br>
>>><br>
>>><br>
>>> What could this USB port do for you?<br>
>>><br>
>>> - Filesystem for squid proxy? (Probably not very practical)<br>
>>> - 3G/4G modem for Internet gateway?<br>
>>> - USB sound adapter for streaming MP3 applications?<br>
>>> - Control this desktop rocket launcher<br>
>>> <a href="http://www.thinkgeek.com/product/8a0f/" target="_blank">http://www.thinkgeek.com/product/8a0f/</a> ?<br>
>><br>
>><br>
>> 3G/4G modem and/or a tellstick to control some equipment<br>
>> <a href="http://www.telldus.se/products/tellstick" target="_blank">http://www.telldus.se/products/tellstick</a><br>
>><br>
>><br>
>> _______________________________________________<br>
>> Commotion-dev mailing list<br>
>> <a href="mailto:Commotion-dev@lists.chambana.net">Commotion-dev@lists.chambana.net</a><br>
>> <a href="https://lists.chambana.net/mailman/listinfo/commotion-dev" target="_blank">https://lists.chambana.net/mailman/listinfo/commotion-dev</a><br>
>><br>
>> --<br>
>> Dan Staples<br>
>><br>
>> Open Technology Institute<br>
>> <a href="https://commotionwireless.net" target="_blank">https://commotionwireless.net</a><br>
> _______________________________________________<br>
> Commotion-dev mailing list<br>
> <a href="mailto:Commotion-dev@lists.chambana.net">Commotion-dev@lists.chambana.net</a><br>
> <a href="https://lists.chambana.net/mailman/listinfo/commotion-dev" target="_blank">https://lists.chambana.net/mailman/listinfo/commotion-dev</a><br>
><br>
<br>
</div></div>--<br>
Josh King<br>
<br>
"I am an Anarchist not because I believe Anarchism is the final goal,<br>
but because there is no such thing as a final goal." -Rudolf Rocker<br>
<br>
<br>_______________________________________________<br>
Commotion-dev mailing list<br>
<a href="mailto:Commotion-dev@lists.chambana.net">Commotion-dev@lists.chambana.net</a><br>
<a href="https://lists.chambana.net/mailman/listinfo/commotion-dev" target="_blank">https://lists.chambana.net/mailman/listinfo/commotion-dev</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br>Ben West<div><a href="http://gowasabi.net" target="_blank">http://gowasabi.net</a><br><a href="mailto:ben@gowasabi.net" target="_blank">ben@gowasabi.net</a><br>314-246-9434<br>
</div>