USB ID and the repositoryFor some unknown reason, the maintainer has not yet registered our official USB ID to the database (for years).
Today, I digged up the files (of physical papers), and found this one which was sent by FAX.
I wonder if it's enough evidence to be registered to the repo.
Export ControlI still remember that we had "non-us" section in Debian.
It was due to the export control.
Last month, I bought parts for USB flash memory in China (via TaoBao), to evaluate USB PCB design. But, due to an export control which prohibits exporting illegal content (copyright-wise and anti-china?), it was unable to deliver to Japan.
I had known that CD cannot be exported from China, but I didn't know USB flash too.
CVE-2018-0495I learned that OpenSSL has a practice not to assign CVE for side channel attack to localhost.
When I asked an allocation from Debian pool, my intention was one for libgcrypt. Then, reporter used it for multiple vulnerabilities among different libraries.
Communication to Foreign CountryInstalling "Taobao-lite" to my Xiaomi phone, I managed to order some electric parts. I used Chinese input method of hand writing.
It reminds me late 80's and early 90's when I was struggled to order T-shirt from FSF, using FAX.
Tiny USB shellI learned that there are common shell designs for Tiny USB shell (for WiFi or Blooth adoptor).
We can design PCB for those shells.
Metal enclosure and internal USB PCBThis is the one which I have an interest.
Finally, I found the connecter for this design:
It seems that the design is originated by Sony Vaio USB flash.
And compatible part is available for this design:
USB PCB design for USB flash or USB keyIn China, "semiproduct" is available even to individuals.
While I'm considering updating my USB PCB design, I realized that there are something like "de fact" standard; Here is the one which originates Kingston DT101G2 (I suppose).
Compatible enclosures for DT101G2 is available at taobao.com. But actually, there are two different PCB standards for that. This is the one, and I'm going to put another in the next post.
Subway Line #4Since train was on strike, my selection to CDG was "le bus direct". I bought the ticket on-line beforehand. I thought that I had well prepared.
The funny thing was, in the morning, when I went to the subway station to Montparnasse, it found that the line stopped from that day (May 19th). I turned to another station of line #13.
I had a talk (GnuPG + Gnuk Token) and a workshop with FST-01. https://hackarnaval.online
It was my surprise, in Paris, people accept things don't work. Vending machine not accepting credit card, subwey gate denying to accept tickets, and drivers/officers (for public transportation) being on strike, etc.
(This is my first visit to Paris.)
GPG4Win statement on Efail research
Effective Hype or Ehype
Recently, "security researchers" seem to adopt/develop strategy to cheat media people to get maximum attention (only providing technically "correct" things which impress people, while they don't give enough information for the impact, which is actually not that big).
Given the situation that it's not well coordinated to upstream(s) involved, I'd say it's a kind of "MitM" attack. I'm sad that national CERT didn't worked well this time.
I observed that some industries love even fake news, because people's attention is so important for them to maximize flow. So, it's difficult to stop this fashion, I suppose.
I wish "social engineering" researchers doing some research for this strategy. I would call it Ehype.
UDP stands for "USB Disk in Package"For me, it's "User Datagram Protocol".
I learned that small factor USB flash drive now uses new production technology: PIP (Product in package).
Gnuk runs on GD32F103 @ 96MHz
I managed to run Gnuk on GD32F103, with some fixes. It takes 6 seconds for RSA4096. For 100 invocations of gpg --decrypt with cv25519, it takes 7.5 second (for STM32F103 @ 72MHz, it takes 21 second). For 100 invocations of gpg --detach-sign with ed25519, it takes 4.4 second (for STM32F103 @72MHz, it takes 10 second).
GnuPG 2.2.6 releasedThis release include --card-edit/kdf-setup subcommand to setup KDF Data Object on Gnuk Token (and newer OpenPGPcard).
We can use this feature to lower the risk for some invasive attacks.