SD Card on motherboard

quang.luan · March 9, 2021, 9:02pm

For securing, there’s something like need for an password storage.

I recommend, that somewhere next to bios, we would put detachable SD card on motherboard, that’ll have encrypted writting by special encryption chip…

That way we could get our passwords out of notebook, but it would have to be deconstructed for it, and you don’t loose them once you loose HDD.

irvinewade · March 9, 2021, 11:02pm

Isn’t that what the smartcard gives you?

I wasn’t clear what platform (laptop or phone) you were mostly referring to but, it would seem, Purism’s approach on either platform is to use a smartcard for password storage.

That is

removable
roughly the same size and format as an SD card (although really more like a SIM card)
resistant to brute force attacks
designed to be hard to break into even if deconstructed

quang.luan · March 10, 2021, 3:54pm

That’s even better. But that’s like for own keys… What about for keyring? I suggest write only SD card. Soldered to mother board. 1TB, that should be enough for a lifetime, and keyring software should have some limits about pollution bloat ware.

irvinewade · March 10, 2021, 9:31pm

The smartcard is write only too but that then raises the issue of how you back it up. For the smartcard you must do that by writing the key to both the main smartcard and the backup smartcard. (The backup smartcard can be kept physically separate so that in the event that the device, with the main smartcard inserted, is lost or stolen, the keys are not lost.)

How would that work in your scenario?

Backup is a weakness but so is lack of a backup.

quang.luan · March 10, 2021, 11:19pm

I would worry about the size…

When I imagine, I would have 3000, and each of them got like 17 different signatures for each occasion to be secure, in the final end, it’s like 3000174096kB… It’s 199MB’s of cryptographic signatures.

Or if you’re signed to lot of channels, or you use a software of lot people, 3000 connections is not a big number in today’s word.

Therefore, it means… There’s something like…
If I’ve got a problems with such small card. Imagine, each one every developer in commission must be signed to the update, otherwise you shouldn’t install it.

You use software from more people, because it’s precise software…

Funny this facebook and google market and things, when you can have just parsed everything you need.

But then there’s a bigger problem. I need to write only store every license with checksum of software I’m using. And for that 1TB write only SD card is not enough.

And I need to have it stored, so with this write only, we can have secure boot like no other, because nobody can however replace the checksum…

And yes, license is required if you’re parsing OP codes, because it’s necessary to do it with permission. Of course if it’s software from robots allowed part of internet, you don’t have to. Creating a robot, which consumes executable software on processor, and spews out new software isn’t illegal here, because here, my robots have own rights, given by unix kernel, and law is also applicable to your robots…

But then I need 10000 manhours of reading licenses or robot for doing that…

I would stick with having signatures of developers.

irvinewade · March 11, 2021, 12:53am

I totally understand your point. But I didn’t see how you are going to address backup? Equipment can be lost, stolen or suffer from hardware failure.

quang.luan · March 14, 2021, 6:44pm

There can be storage like SD card in a phone, that’s mirrored and encrypted. That’s kinda best way to back up data from phone.