About anti-interdiction

Librem
1

Hi guys.

I like the idea of anti-interdiction for their products: https://puri.sm/posts/anti-interdiction-services/
However, I think it’s still not perfect. For example, a bad guy can just replace the red LED on the Librem key with a green one, and the user may have difficulty noticing that unless testing it carefully. Or, the hacker can replace the package with a compomised computer of the same model, paired with a key. I think seperated shipping address and delayed shipping aren’t going to help anyway.

I can think of a method to check the uniqueness:

  1. Having 2 secret codes A and B, both Purism and the user know both codes, but keep them safe, it doesn’t matter which side generate them.
  2. Purism input both codes into the computer before shipping it.
  3. The computer should ask for code A, and only after code A is correct, display code B.
  4. By checking code B, the user know if the computer is exactly the one he ordered.

This method is useless if the codes are stored on disk or in normal BIOS, even if the disk is fully encrypted. Because a hacker can just swap the disk/SPI or copy the contents to another compromised computer. But if this can be stored and verified by TPM, which is uncopiable(I’m not sure) and will be bounded to the rest of the components, it should work.
I saw there seems something related:



It seems they have a phone based system even before the hardware key, but I’m not sure if the customer can use anything sent to them digitally, to verify the computer ships to them.

Any ideas welcome to discuss.

1 Like
2

anti interdiction just makes it really f***ing hard. nothing is perfect.

1 Like
3

How about display a random number of random codes, and the right one in the mix? "Which is your code B? Select correct code's line number > " Computer reacts normally if the attacker selects the wrong code. The intended recipient tries to enter A and it doesn’t work, but entering B does.

1 Like
4

this is actually super clever :stuck_out_tongue: love it! Hopefully this is done over 2FA encrypted email like protonmail, which is so secure they cannot recover your emails. Only you have access to them.

5

Gotta love me some Swiss Privacy laws although a PGP client such as GOG would be an easier and yet more secure solution to this.

6

Thank you everyone!

I think their smartphone code compare system might be an advanced version of my idea. I guess their system work like this:

  1. Generate a secret equation which can calculate X to Y, but either X or Y are not nesserary to keep secret(similar to asymmetric cryptography).
  2. Sync the equation to phone.
  3. Use current time as X.
  4. Display Y on both computer and phone for user to determine if the equation is correct.

If my guess is correct, then the only problem left is whether Purism can sync the “equation” to a user’s phone over internet, not using a hardware rely on physical shipping. Or, they can just provide a webpage instead of the APP, to do the same thing.