This open-source personal crypto-key vault wants two things: To make the web safer ... and your donations

Cryptech in need of funds

An open-source hardware project aimed at making the internet "a little bit safer" needs an influx of cash to continue its work.

The Cryptech effort was created following revelations from NSA whistleblower Edward Snowden that the US government and its pals are exploiting standards and weak crypto algorithms to gain access to citizens' private correspondence and documents.

In response, a group of engineers decided there needed to be an open-source hardware engine that could provide strong and reliable encryption and decryption for email, plus public-private key cryptography for all sorts of things from digitally signing messages and files to DNSSEC.

"Recent revelations have called into question the integrity of some of the implementations of basic cryptographic functions and devices used to secure communications on the Internet," the team wrote earlier this year.

"There are serious questions about algorithms and about implementations of those algorithms in software and particularly hardware.

"The algorithmic issues are in the domain of the heavy math cryptography folk. But we must also deal with the implementation issues. We therefore are embarking on development of an open-source hardware cryptographic engine that meets the needs of high-assurance internet infrastructure systems that use cryptography.

"The open-source hardware cryptographic engine must be of general use to the broad internet community, covering needs such as secure email, web, DNS, PKIs, etc."

Cryptech's goal is to develop an inexpensive ARM-powered Hardware Security Module (HSM) that can store cryptokeys and act as a signing engine to establish the authenticity of digital content.

The idea is you store a secret key in the module, which is designed to never intentionally (and, ideally, never accidentally) disclose that key. Rather, you tell the module to, for example, sign some data using that secret key; people can use your public key and that signature to verify that particular data really came from you, and has not been tampered with in transit.

The Cryptech HSM will use USB to communicate with your computer. To avoid attacks on the USB controller spreading to the HSM's CPU, the USB connection is terminated at the on-board single-purpose controller chip, which sends commands and data and receives a reply from the CPU over a serial bus. This means if you're able to compromise the USB chip, you can't directly access the main processor's memory to extract the secret keys.

The Cryptech prototype uses a Novena single-board computer with an ARM Cortex-A9 system-on-chip (SoC) and an Xilinx field-programmable gate array (FPGA). The team has implemented SHA-512, SHA-256, AES and other algorithms in the programmable array, and a true random number generator fed with noise from onboard electronics – this is essential for providing strong cryptography.

While the group has made steady progress, it apparently needs more money to continue its work, and is appealing for donations: the team wants to move beyond its Novena development board, and build Alpha prototypes by the summer.

So far, big names including Google and Comcast (yes, Comcast, apparently) have contributed up to a maximum of $100,000 each (a per-donor limit imposed to prevent any one organization from gaining undue influence over the project). A range of other internet organizations have also contributed, including the Internet Society, domain registry Afilias, and IP allocation organization RIPE.

If you're interested in learning more, the project's website is at cryptech.is, its wiki with more details and information is over at wiki.cryptech.is and its BSD-licensed source code is here. ®




Biting the hand that feeds IT © 1998–2018