summaryrefslogtreecommitdiff
path: root/tracwiki/AlphaSealedBags.trac
blob: 247e26cffc4307bb5429aba6ab96d84ac104ffa5 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
== Chain of custody ==

At present, we can't make any statements at all about the integrity of the hardware before it reached us - assembled and ready.

We test and program the Alphas using a dedicated computer, but not in a secure facility by any means.
A concerned user is advised to reprogram the firmware with binaries built from source.

To provide some assurance the devices have not been tampered with after they have been programmed we put them in sealed bags with individual serial numbers.

As the model of bags might change over time, we will publish photos of the bags used here as well as PGP signed statements for what serial numbers can be expected.
At this time, we do not keep records of which exact unit was sent to whom.



This is a picture of the currently used bags:

[[Image(Alpha_tamper_bag_2016-12-16.png, 640px)]]



{{{
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

At 2016-12-16, I put Cryptech Alpha units into sealed bags with the
following serial numbers:

  26 0 027 233 507
  26 0 027 233 508
  26 0 027 233 509
  26 0 027 233 510
  26 0 027 233 511
  26 0 027 233 512
  26 0 027 233 513
  26 0 027 233 514
  26 0 027 233 515
  26 0 027 233 516
  26 0 027 233 517
  26 0 027 233 518
  26 0 027 233 519
  26 0 027 233 520
  26 0 027 233 521
  26 0 027 233 522
  26 0 027 233 523
  26 0 027 233 524
  26 0 027 233 525
  26 0 027 233 526

/Fredrik
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCgAGBQJYU/MVAAoJEBmMGv1QUVLd+2gH/jLZ7aUGlZ+Iwj6b746Hh6u1
2JAZ+2tk5tRooTwNb4A5P3ewRcbjA0jPJQQlpVqZcxdt0DDjS16AR0LEaH2rWL++
sj/OtBm5rqAmVcf1NNvzpC8f8WWgRYhx4nNhWKnEcTBQXT9NbFQhQY0WH3ebupnn
8PK0mX8PpfsjM/3vxtVVLmi+vBsxv0hBcdl+t4IPw/UbzozicF6jZpxRXxVujTE6
WLGXaCnySS4T1zgtpewfgVMOMouGScUw5n2yHRZJpissGUVJtuPrOEmNFvDz7LRD
i00Rc4i2emsKTgKrkMIKyQWSqFIQ1nBUQ5B5ES1Q50432cppbyEW2rJJZjAuxgM=
=s2D5
-----END PGP SIGNATURE-----
}}}