[Commotion-dev] What would you do with the USB port on your Commotion access point?
Josh King
jking at chambana.net
Fri Feb 22 21:56:40 UTC 2013
Speaking of entropy, saw this not too long ago, it'll be interesting to
see if it could help with some of our entropy problems:
http://www.phoronix.com/scan.php?page=news_item&px=MTI5NzY
On Fri 22 Feb 2013 04:49:49 PM EST, Dan Staples wrote:
> That's an interesting (and complicated) idea! :)
>
> Would the risk of relying on a single node for entropy outweigh the
> limitations of having individual nodes generate their own keys with
> less-than-ideal entropy?
>
> On Mon 11 Feb 2013 11:16:55 PM EST, Ben West wrote:
>> Leading on Josh's excellent suggestion for attaching an entropy key to
>> an access point's spare USB port (whether TP-Link, Buffalo, or some
>> other USB capable device), what are thoughts about using a /single/
>> such entropy key within a mesh to improve the entire mesh's encryption
>> strength?
>>
>> That is, imagine a mesh which begins with no encryption (whether
>> IBSS-RSN on the adhoc or WPA2 on the virtual APs). Now, add a single
>> TP-Link box with the entropy key to the mesh. Next, systematically
>> use the output of that key to regenerate the DSA hostkeys of all nodes
>> w/in the mesh (administered via SSH sessions). Then turn on IBSS-RSN
>> on the adhoc mesh, along with WPA2 on all nodes' virtual access
>> points, again using the output of the entropy key. Next, have all
>> nodes regenerate their hostkeys /again/, and then iterate until an
>> appealing degree of encryption has been reached. At this point,
>> the nodes then could mutually adhere to a regular schedule of renewing
>> their WPA2 and RSN keys.
>>
>> Whenever an event occurs where the mesh's security has been deemed
>> compromised (e.g. an unknown MAC address joins the IBSS-RSN encrypted
>> mesh), all mesh users could be alerted of this event, the mesh could
>> switch to 'insecure' mode, and this process of renewing all keys could
>> start from scratch.
>>
>> Such a scheme would still have the fundamental weakness that having an
>> "untrusted" node within the mesh at t = 0 undermines any subsequent
>> effort at maintaining security via encryption, and really this
>> limitation is going to be inherent to the social nature of a community
>> mesh. However, could an automated, mesh-wide process of repeatedly
>> renewing nodes' encryption keys using the output of a single device
>> like the entropy key still yield a usable degree of encryption?
>>
>> On Wed, Jan 23, 2013 at 8:22 AM, Josh King <jking at chambana.net> wrote:
>>
>> Probably an Entropy Key or other RNG for stronger crypto?
>>
>> http://www.entropykey.co.uk/
>>
>> On Wed 23 Jan 2013 09:09:55 AM EST, Dan Staples wrote:
>> > A USRP for OpenBTS! Although I doubt a router has the processing power
>> > needed to encode voice data and the like... A HackRF would also be a
>> > great peripheral to use once those are publicly available:
>> > http://ossmann.blogspot.com/2012/06/introducing-hackrf.html.
>> >
>> > I currently have a router with a USB port that I run DD-WRT on. I have
>> > a 250GB HDD plugged into it, which I use for automated backups of a
>> > website I run, plus an SFTP server. A USB port was a deciding factor in
>> > the router I decided to buy... It's an ASUS WL-520GU. But I could also
>> > see a 3G dongle as a big appeal for a USB port.
>> >
>> > Another idea is to use a USB drive as a crypto device. Insert the USB
>> > flash drive to unlock a keyring or some private key material. That would
>> > be an easy way to deploy multiple routers on a network that need to use
>> > a common encryption key(s).
>> >
>> > Dan
>> >
>> > On Wed 23 Jan 2013 03:46:25 AM EST, Christian Huldt wrote:
>> >>
>> >> Ben West skrev 2013-01-22 22:15:
>> >>>
>> >>>
>> >>> What could this USB port do for you?
>> >>>
>> >>> - Filesystem for squid proxy? (Probably not very practical)
>> >>> - 3G/4G modem for Internet gateway?
>> >>> - USB sound adapter for streaming MP3 applications?
>> >>> - Control this desktop rocket launcher
>> >>> http://www.thinkgeek.com/product/8a0f/ ?
>> >>
>> >>
>> >> 3G/4G modem and/or a tellstick to control some equipment
>> >> http://www.telldus.se/products/tellstick
>> >>
>> >>
>> >> _______________________________________________
>> >> Commotion-dev mailing list
>> >> Commotion-dev at lists.chambana.net
>> >> https://lists.chambana.net/mailman/listinfo/commotion-dev
>> >>
>> >> --
>> >> Dan Staples
>> >>
>> >> Open Technology Institute
>> >> https://commotionwireless.net
>> >
>>
>> --
>> Josh King
>>
>> "I am an Anarchist not because I believe Anarchism is the final goal,
>> but because there is no such thing as a final goal." -Rudolf Rocker
>>
>> --
>> Ben West
>> http://gowasabi.net
>> ben at gowasabi.net
>> 314-246-9434
>
> --
> Dan Staples
>
> Open Technology Institute
> https://commotionwireless.net
--
Josh King
"I am an Anarchist not because I believe Anarchism is the final goal,
but because there is no such thing as a final goal." -Rudolf Rocker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <http://lists.chambana.net/pipermail/commotion-dev/attachments/20130222/7ba7ddef/attachment.sig>
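Ben's procedure above regenerates the host keys of every node over SSH using output from a single entropy key. The following added example is not code from Commotion or from anyone in this thread; it shows the two pieces a node would actually need for that: a gate that refuses to regenerate a host key until the kernel pool reports enough entropy, and a helper that pulls bytes from the entropy-key node over SSH and mixes them into the local pool. It assumes a Linux/OpenWrt node running dropbear as root; the entropy-node hostname, the dropbear key path, the 60 second wait and the 256-bit threshold are assumptions for illustration, not values from the thread (the thread mentions DSA hostkeys, for which dropbearkey takes -t dss instead of -t rsa). One caveat a practitioner should know: writing bytes to /dev/random mixes them into the pool but does not credit them to entropy_avail, so the gate will not open on remote seeding alone; rngd, which uses the RNDADDENTROPY ioctl, is what credits an external source.

```shell
#!/bin/sh
# Added example, not Commotion code: gate host-key regeneration on kernel
# entropy and mix in bytes fetched from a remote entropy-key node over SSH.
# Paths, hostnames, timeouts and the threshold below are assumptions.

ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"
MIN_ENTROPY_BITS="${MIN_ENTROPY_BITS:-256}"   # assumed threshold, not a kernel default
DROPBEAR_KEY="${DROPBEAR_KEY:-/etc/dropbear/dropbear_rsa_host_key}"

# entropy_ok COUNTER_FILE MIN_BITS
# Returns 0 when the counter file reports at least MIN_BITS, 1 when it is
# below, and 2 when the counter cannot be read or is not a number.
entropy_ok() {
    avail=$(cat "$1" 2>/dev/null) || return 2
    case "$avail" in
        ''|*[!0-9]*) return 2 ;;
    esac
    [ "$avail" -ge "$2" ]
}

# wait_for_entropy COUNTER_FILE MIN_BITS TIMEOUT_SECONDS
# Polls once per second; returns 0 once the pool is large enough, 1 on timeout.
wait_for_entropy() {
    waited=0
    while [ "$waited" -lt "$3" ]; do
        entropy_ok "$1" "$2" && return 0
        sleep 1
        waited=$((waited + 1))
    done
    return 1
}

# seed_from_remote ENTROPY_NODE
# Pulls 64 bytes from the entropy-key node's /dev/random over SSH and writes
# them into the local /dev/random. This mixes them into the pool but does NOT
# raise entropy_avail; only rngd (RNDADDENTROPY ioctl) credits entropy.
seed_from_remote() {
    ssh "$1" 'dd if=/dev/random bs=64 count=1 2>/dev/null' > /dev/random
}

# regen_host_key ENTROPY_NODE
# Seeds from the remote node, waits for the local pool to fill, then
# regenerates the dropbear host key. Refuses (returns 1) rather than
# generating a key from a starved pool when the wait times out.
regen_host_key() {
    seed_from_remote "$1" || echo "warning: could not seed from $1" >&2
    if ! wait_for_entropy "$ENTROPY_FILE" "$MIN_ENTROPY_BITS" 60; then
        echo "refusing to regenerate host key: pool below $MIN_ENTROPY_BITS bits" >&2
        return 1
    fi
    rm -f "$DROPBEAR_KEY"
    dropbearkey -t rsa -f "$DROPBEAR_KEY" && /etc/init.d/dropbear restart
}

# Does nothing unless invoked with an action, so the functions can be sourced:
#   sh entropy-gate.sh regen entropy-node.mesh   (hostname is an assumption)
case "${1:-}" in
    regen) regen_host_key "$2" ;;
esac
```

The gate is deliberately the last step before dropbearkey runs: seeding over SSH is best effort and only supplements whatever the node gathers itself, while the refusal on timeout is what stops a freshly booted node from minting a host key the moment entropy_avail is still near zero.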