diff options
| author | Rob Austein <sra@hactrn.net> | 2021-02-14 01:55:38 +0000 |
|---|---|---|
| committer | Rob Austein <sra@hactrn.net> | 2021-02-14 01:55:38 +0000 |
| commit | b58c60bcc4a6f3d3ccf4194ef862a808fdc3313b (patch) | |
| tree | ad43c2b937db286c2b3320b57066a9581264444a /markdown/AlphaSealedBags.md | |
| parent | 23bb68fe7e9cc8af176ff60b56e8a51a70f05a89 (diff) | |
Hack images, store outputs in git again for now
Easier to track what each script change does if we keep the before and
after versions of the markdown in git too. Clean this up eventually,
but simplifies development.
Diffstat (limited to 'markdown/AlphaSealedBags.md')
| -rw-r--r-- | markdown/AlphaSealedBags.md | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/markdown/AlphaSealedBags.md b/markdown/AlphaSealedBags.md new file mode 100644 index 0000000..e99dbca --- /dev/null +++ b/markdown/AlphaSealedBags.md @@ -0,0 +1,62 @@ + +## Chain of custody + +At present, we can't make any statements at all about the integrity of the hardware before it reached us - assembled and ready. + +We test and program the Alphas using a dedicated computer, but not in a secure facility by any means. +A concerned user is advised to reprogram the firmware with binaries built from source. + +To provide some assurance the devices have not been tampered with after they have been programmed we put them in sealed bags with individual serial numbers. + +As the model of bags might change over time, we will publish photos of the bags used here as well as PGP signed statements for what serial numbers can be expected. +At this time, we do not keep records of which exact unit was sent to whom. + + + +This is a picture of the currently used bags: + +[[Image(Alpha_tamper_bag_2016-12-16.png, 640px)]] + + + +``` +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +At 2016-12-16, I put Cryptech Alpha units into sealed bags with the +following serial numbers: + + 26 0 027 233 507 + 26 0 027 233 508 + 26 0 027 233 509 + 26 0 027 233 510 + 26 0 027 233 511 + 26 0 027 233 512 + 26 0 027 233 513 + 26 0 027 233 514 + 26 0 027 233 515 + 26 0 027 233 516 + 26 0 027 233 517 + 26 0 027 233 518 + 26 0 027 233 519 + 26 0 027 233 520 + 26 0 027 233 521 + 26 0 027 233 522 + 26 0 027 233 523 + 26 0 027 233 524 + 26 0 027 233 525 + 26 0 027 233 526 + +/Fredrik +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2 + +iQEcBAEBCgAGBQJYU/MVAAoJEBmMGv1QUVLd+2gH/jLZ7aUGlZ+Iwj6b746Hh6u1 +2JAZ+2tk5tRooTwNb4A5P3ewRcbjA0jPJQQlpVqZcxdt0DDjS16AR0LEaH2rWL++ +sj/OtBm5rqAmVcf1NNvzpC8f8WWgRYhx4nNhWKnEcTBQXT9NbFQhQY0WH3ebupnn +8PK0mX8PpfsjM/3vxtVVLmi+vBsxv0hBcdl+t4IPw/UbzozicF6jZpxRXxVujTE6 +WLGXaCnySS4T1zgtpewfgVMOMouGScUw5n2yHRZJpissGUVJtuPrOEmNFvDz7LRD +i00Rc4i2emsKTgKrkMIKyQWSqFIQ1nBUQ5B5ES1Q50432cppbyEW2rJJZjAuxgM= +=s2D5 +-----END PGP SIGNATURE----- +``` |