I don't know, BDD... I think Jim comes from a victim mindset that people aren't successful in life because shadowy figures watch their every move and steal all their ideas. Who hasn't seen a fancy product come to market and think, "I thought of that 5 yeas ago!" Lots of people think about lots of things, but success comes from people who (through money or just plain force of will) act on those thoughts. Unsuccessful people don't think like that, though, they think they're idea was stolen and look to conspiracy types to agree with them.
Putting aside both my opinion of Internet Troll and Conspiracy Nut, let's look at the end goal and how to get there.
The end goal is perfect secret message transfer between two parties using a pre-shared 1TB flash drive full of true random data. Obtaining two 1TB drives full of the same random data is a challenge in itself. If you're a maximum paranoiac, you can't trust a commercial computer to generate the random data as the Minions of Orthodoxy (MoO) have infiltrated all PC, Macs, etc. at the firmware level. If you relax that constraint then you can use your CD collection, or download media, ISO files, music, video, tar files, or any other data from the Internet and XOR random samples of source data together and, eventually, you'll have an effective true random bit-stream. If you trust 3rd part true-random-number generator hardware, you could use that too... but MoO infiltration applies.
So once you have two flash drives containing the same data. Give one to your secret pal, and you're good to go.
Now you need a device on which to compose your secret "3 Minute Abs" business plan, so you can send it to your secret best friend, and that's where this thread really starts.
Your message device contains: * At least one USB port; to attach your 1TB key flash disk, and later your message transfer flash drive. * A keyboard interface. * A display interface. * CPU, RAM, ROM.
To avoid MoO key logging, the keyboard should be discrete mechanical (not USB). Obviously you can't use RS232 attached to another unsecured computer with its own keyboard and display.
The display should be ubiquitous like VGA or HDMI; so perhaps a small FPGA works here. Include a SPI interface to talk to the MAX3421.
The 6502 for a CPU+RAM+ROM should be fine here. It's task is to be a typewriter and interface to the MAX for USB.
So the 6502 presents an interface to allow you to: * Compose a message * Encrypt a message * Decrypt a message
Once a message is composed (in RAM), the Encrypt option prompts you to install the 1TB Flash drive. The first 5 bytes on the drive hold the running offset for outgoing messages (you and your buddy should agree to start from different offsets, so his messages don't use the same key data as yours). So the application knows where to fetch the new key data, XORs the data with the messages, and writes back the new offset for next time.
The program then prompts you to install the outgoing message flash drive, and writes an encrypted message formatted as: * 4 bytes (little endian) of message text length * 5 bytes (little endian) indicating the start-offset within the 1TB flash of the decryption key * Encrypted bytes (0..len bytes)
You can then remove the flash drive, take that to an unsecured PC and send / post the message to any destination, secure or not, in the world.
Once the receiver obtains the message, he can decrypt it using the process of: * Use an unsecured PC to write the message to the data flash * Use the secured 6502 computer to read the message * Insert the key flash * Use the message length and key offset to decrypt the message.
If the message is altered in transit, or if it comes from a foreign actor, then the compromised bytes will most likely contain nonsense. With a simple XOR scheme, you can nudge an ASCII character over by one byte by changing a 0x63 in the encrypted data to 0x62, but as you'll not know what that byte meant there's no real value there.
But still, if you're concerned about message integrity you can include an encrypted XOR of all message bytes; with that value itself encrypted.
So let's say that's the product. What's the cost?
With an FPGA in the mix, you might as well just buy an FPGA board with the right I/O. That's going to be the cheapest choice. Doing a board by hand is going to be 5x the cost of a commercially available board, and you avoid the board design, layout, manufacture and assembly headache.
So you buy your FPGA board, integrate the open source 6502, SPI and VGA cores, and now it's a software problem.
(if you're wondering why I don't suggest including the USB controller in the FPGA: it's because these controllers are non-trivial and I personally wouldn't want to try to integrate or debug one).
So cost to you is ranging from $5 for the Pi Zero to $150 for an FPGA dev board to $1000+ to build your own board and have it commercially assembled. Add to that a mechanical keyboard and some flash drives.
x 2; as your buddy needs his.
And some software.
With all this you now have a perfectly secret communication terminal.
... until the MoO compel you to hand over your key flash drive.
So let's think about that for a second. Let's accept the premise that the Minions of Orthodoxy monitor all communication and have the means to decrypt all current encryption systems (via means that, say, were designed in but have so far escaped detection from researchers).
All of a sudden the MoO observe perfect secret messages on the Internet that they can't decrypt. That's going to put a laser target on you PDQ.
Now you know for a fact that the MoO can't decrypt your messages, and you know that's going to make them very nervous. Do you think they'll let you get away with it? Do you think they'd sit by and take no action?
Who are you? Would anyone notice if you just disappeared one day? Do you think that's outside the toolkit of the MoO to squash dissent?
I don't know... Your 3 minute abs plan may be worth it, but I'd rather not have the MoO open a file on me.
What is success? What is the measure of a man? Is it the success of 3 minute abs? Is it money in the bank, a big house or a luxury car on the drive? Or is it the smile on his daughter's face when he walks into the room? Is it providing for his family, putting his children through school and ensuring they themselves have good lives?
What would it mean to have the MoO come after you and your family? And for what? 3 minute abs...
I don't think it's worth it, but then it's not my idea.
Good luck and God bless you all.
|