NSA-busting secure, open, router seeks cash and code from crowd Australian embedded systems designer Redfish is hoping to attract funding from the crowd to market a secure routing platform that open-sources both the hardware and software to protect users from unwanted snooping. Speaking to The Register ahead of the launch, Redfish managing director Justin Clacherty said the project is …
Was pondering purchasing some kit from http://routerboard.com/; pity there doesn't seem to be many/any ADSL options for the miniPCI slots.
If they make this thing modular; say PCI-104 or some-such then I'd probably buy
It would be nice to be able to pick & choose say base + adsl + wifi or base + extra switch ports
Do it with openwrt and I am happy to throw some pennies in that can you are rattling.
Another custom linux distribution? Forget it.
In any case, by today's standards 1GBps is not something to shout about. There is plenty of hardware from that can do this using "stock" openwrt checkout from trunk. Most of them are mips based though. Having a ppc for variety would be nice.
Anything that ships out of the US above the VHDL level must be viewed as suspect.
And where's the "encryption engine" coming from?
If you're going to be serious about privacy lets do it right.
Why pay more for the illusion of security when you can buy cheap and know you have none (and plan accordingly) ?
Given what Snowden has shown about NSA willingness to compromise US hardware and software companies this is not paranoid, it's merely realistic.
"Anything that ships out of the US above the VHDL level must be viewed as suspect."
I'm not clear on exactly what you are getting at here.
First, this is an Australian project. If you are referring to the sourcing of components themselves; it is possible they are designed in the U.S., yes, but most physical components ship from countries like China. Even for non-U.S. chip designers; who's to say the hardware hasn't been compromised at the manufacturing level? It's no secret that China is deeply into espionage, and that the government there has very close ties with corporations. And how can you say that any other country's government is not doing the same thing as the NSA, but just hasn't been outed? Perhaps other countries are simply better at keeping quiet than the US.
As for using open-source cores at the VHDL/Verilog level; if the secret to cracking encryption might involve something like making random numbers a little less random, who's to say that someone messing with the VHDL code might not introduce a subtle "bug"? Or that your FPGA manufacturer isn't going to inject something? I doubt there is a huge population of non-government VHDL experts (who are also encryption experts) with the time to pour over the code for open-source cores. Even if there were, a "bug" could still be subtle enough to elude even the most observant.
And when do we know for sure that a self-professed "good guy" is really on your side? Where do you think the most intelligent folks in the world are working?
In reality, complete computer security is *always* going to be an illusion, regardless of how "safe" you think you are. Security is all about probability. In the world economy, you've got to trust someone, somewhere. If not, you may as well go back to using smoke signals.
Purpose please?
Encrypting traffic internally then broadcasting the traffic back onto the Internet TCP/IP {clear text protocol} ?
Seriously if are going to do things right lets revisit the entire Internet protocol
Long before the Internet first started there was two choices ipx/spx & tcp/ip - the latter was selected due to it being clear text.
You might want to go read the OSI model again: http://en.wikipedia.org/wiki/OSI_model
TCP is the transport layer, ie it's responsible for moving data between computers. That data can be encrypted, depending on what it is. The rest of the TCP packet can't really be encrypted, because it's necessary for getting the data to where it's supposed to go, for example the address has to be readable. Otherwise it would be the equivalent of enciphering the address of a letter, it would make it impossible for the postman to deliver. However, you could still encrypt the *content* of your letter to keep it safe from prying eyes.
TCPIP was invented for Arpanet, the forerunner of the internet. IPX was developed by Novell in the 80s and is more designed for LANs as it doesn't scale well to internet sizes. It is also in plain text.
Judging by the <front page?> article in the Times yesterday, the media is now more aware of TOR than ever and I can see a campaign (probably by the mail) to get it made illegal as 'people can use it for bad reasons'.
Personally, on the assumption TOR can remain in use, I would like somebody to develop either a physical or virtual TOR adapter, so TOR can be used more widely at the OS level (rather than relying on a TOR proxy or torify for example). Perhaps this already exists - dunno.
Having this functionality at the netwrok perimiter is still a good idea though, as it would cover all devices on the LAN.
An auto-meshing Darknet would be great, especially if it had encryption from the start.
But why stop there? How about an auto-meshing TOR-esque system? An auto-meshing networks (defined 'internal' and 'external' networks with the 'external' links meshing) that can talk to other units of the same type over a further-encrypted Internet link and where each node is a 'node' in a TOR-style arrangement. TOR has only 4,000ish actual exit points, this could really help improve on that.
As an additional feature, a torrent-like structure could be used to request different parts of the same file from multiple endpoints. In a Cloud-y world with data replicated and shared globally this would then pull the data from multiple datacentres- potentially speeding up your downloads but also helping obfuscate what data is being requested and by who so the metadata searches become that much more complex.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
