[Commotion-dev] What would you do with the USB port on your Commotion access point?
Dan Staples
danstaples at opentechinstitute.org
Fri Feb 22 21:49:49 UTC 2013
That's an interesting (and complicated) idea! :)
Would the risk of relying on a single node for entropy outweigh the
limitations of having individual nodes generate their own keys with
less-than-ideal entropy?
On Mon 11 Feb 2013 11:16:55 PM EST, Ben West wrote:
> Leading on Josh's excellent suggestion for attaching an entropy key to
> an access point's spare USB port (whether TP-Link, Buffalo, or some
> other USB capable device), what are thoughts about using a /single/
> such entropy key within a mesh to improve the entire mesh's encryption
> strength?
>
> That is, imagine a mesh which begins with no encryption (whether
> IBSS-RSN on the adhoc or WPA2 on the virtual APs). Now, add a single
> TP-Link box with the entropy key to the mesh. Next, systematically
> use the output of that key to regenerate the DSA hostkeys of all nodes
> w/in the mesh (administered via SSH sessions). Then turn on IBSS-RSN
> on the adhoc mesh, along with WPA2 on all nodes' virtual access
> points, again using the output of the entropy key. Next, have all
> nodes regenerate their hostkeys /again/, and then iterate, and so forth,
> until an appealing degree of encryption has been reached. At this point,
> the nodes then could mutually adhere to a regular schedule of renewing
> their WPA2 and RSN keys.
>
> Whenever an event occurs where the mesh's security has been deemed
> compromised (e.g. an unknown MAC address joins the IBSS-RSN encrypted
> mesh), all mesh users could be alerted of this event, the mesh could
> switch to 'insecure' mode, and this process of renewing all keys could
> start from scratch.
>
> Such a scheme would still have the fundamental weakness that having an
> "untrusted" node within the mesh at t = 0 undermines any subsequent
> effort at maintaining security via encryption, and really this
> limitation is going to be inherent to the social nature of a community
> mesh. However, could an automated, mesh-wide process of repeatedly
> renewing nodes' encryption keys using the output of a single device
> like the entropy key still yield a usable degree of encryption?
>
> On Wed, Jan 23, 2013 at 8:22 AM, Josh King <jking at chambana.net
> <mailto:jking at chambana.net>> wrote:
>
> Probably an Entropy Key or other RNG for stronger crypto?
>
> http://www.entropykey.co.uk/
>
> On Wed 23 Jan 2013 09:09:55 AM EST, Dan Staples wrote:
> > A USRP for OpenBTS! Although I doubt a router has the processing power
> > needed to encode voice data and the like... A HackRF would also be a
> > great peripheral to use once those are publicly available:
> > http://ossmann.blogspot.com/2012/06/introducing-hackrf.html.
> >
> > I currently have a router with a USB port, that I run DD-WRT on. I have
> > a 250GB HDD plugged into it, which I use for automated backups of a
> > website I run, plus an SFTP server. A USB port was a deciding factor in
> > the router I decided to buy...It's an ASUS WL-520GU. But I could also
> > see a 3G dongle as a big appeal for a USB port.
> >
> > Another idea is to use a USB drive as a crypto device. Insert the USB
> > flash drive to unlock a keyring or some private key material. That would
> > be an easy way to deploy multiple routers on a network that need to use
> > a common encryption key(s).
> >
> > Dan
> >
> > On Wed 23 Jan 2013 03:46:25 AM EST, Christian Huldt wrote:
> >>
> >> Ben West skrev 2013-01-22 22:15:
> >>>
> >>>
> >>> What could this USB port do for you?
> >>>
> >>> - Filesystem for squid proxy? (Probably not very practical)
> >>> - 3G/4G modem for Internet gateway?
> >>> - USB sound adapter for streaming MP3 applications?
> >>> - Control this desktop rocket launcher
> >>> http://www.thinkgeek.com/product/8a0f/ ?
> >>
> >>
> >> 3G/4G modem and/or a tellstick to control some equipment
> >> http://www.telldus.se/products/tellstick
> >>
> >>
> >> _______________________________________________
> >> Commotion-dev mailing list
> >> Commotion-dev at lists.chambana.net
> <mailto:Commotion-dev at lists.chambana.net>
> >> https://lists.chambana.net/mailman/listinfo/commotion-dev
> >>
> >> --
> >> Dan Staples
> >>
> >> Open Technology Institute
> >> https://commotionwireless.net
> >
>
> --
> Josh King
>
> "I am an Anarchist not because I believe Anarchism is the final goal,
> but because there is no such thing as a final goal." -Rudolf Rocker
>
>
> --
> Ben West
> http://gowasabi.net
> ben at gowasabi.net <mailto:ben at gowasabi.net>
> 314-246-9434
--
Dan Staples
Open Technology Institute
https://commotionwireless.net
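As an added illustration of the trade-off Dan raises (not code from the thread or from Commotion): a node that receives the shared seed from the entropy-key node can mix it with whatever local entropy it has, so the result is no weaker than the better of the two inputs, and labelling the derivation with a per-node identifier keeps two nodes that receive the same shared seed from deriving identical host keys. The HKDF-style construction, the `node_id` label and the sample inputs are my assumptions.

```python
"""Added example: per-node key-generation seeds from one shared entropy source.

Assumed (not from the thread): each node has some local entropy (os.urandom,
possibly poor on a router), a unique node id, and receives the shared seed
over an already-authenticated SSH session, as Ben's proposal administers it.
"""
import hashlib
import hmac
import os


def derive_node_seed(local_entropy: bytes, shared_seed: bytes,
                     node_id: str, length: int = 32) -> bytes:
    # HKDF (RFC 5869) extract-then-expand with SHA-256.
    # Extract: the shared seed acts as salt, local entropy as keying material.
    # If either input is weak or attacker-known, the output is still as
    # unpredictable as the other one, which is the whole point of mixing.
    prk = hmac.new(shared_seed, local_entropy, hashlib.sha256).digest()
    # Expand: bind the node id into the output so nodes fed the same shared
    # seed (and even identical local entropy) never derive the same seed.
    info = b"mesh-hostkey-seed:" + node_id.encode()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def seeds_for_mesh(shared_seed: bytes, node_ids, local_source=os.urandom) -> dict:
    # One shared seed, one seed per node. local_source is pluggable so the
    # worst case (a node with no usable local entropy) can be exercised.
    return {nid: derive_node_seed(local_source(32), shared_seed, nid)
            for nid in node_ids}


def all_distinct(seeds: dict) -> bool:
    return len(set(seeds.values())) == len(seeds)


if __name__ == "__main__":
    # Constructed sample: a 32-byte shared seed and three router ids.
    shared = bytes(range(32))
    mesh = seeds_for_mesh(shared, ["node-a", "node-b", "node-c"])
    print("distinct seeds:", all_distinct(mesh))
```

Feeding the derived seed into an actual host-key generation is deliberately left out; the block shows only the mixing step that answers the single-source concern.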