(github.com)

81 points DoctorFreeman | 1 comments | 11 Dec 25 09:46 UTC | HN request time: 0.199s | source

If you have heard of [Haven](https://github.com/guardianproject/haven), then Tripwire fills in the void for a robust anti evil maid solution after Haven went dormant.

The GitHub repo describes both the concept and the setup process in great details. For a quick overview, read up to the demo video.

There is also a presentation of Tripwire available on the Counter Surveil podcast: https://www.youtube.com/watch?v=s-wPrOTm5qo

Show context

neuralkoi ◴[12 Dec 25 13:44 UTC] No.46244062[source]▶

>>46229437 (OP) #

The author did an excellent job explaining what an evil maid attack is, but a very poor job of explaining how their proposal mitigates such attack.

I think the classic "Detecting unauthorized physical access with beans, lentils and colored rice" [0] approach is simpler to understand and simpler to implement. It doesn't rely on any hardware, such as a Raspberry Pi or otherwise technology which can be more easily subject to scrutiny via Ken Thompson's "Reflections on Trusting Trust".

[0] https://dys2p.com/en/2021-12-tamper-evident-protection.html

replies(4): >>46244395 #>>46245475 #>>46245903 #>>46251916 #

1. DoctorFreeman ◴[13 Dec 25 04:11 UTC] No.46251916[source]▶

>>46244062 #

Thanks for the feedback. My guess is that the part about destroying the random secrets is easier to understand, but the later part about a key pair and how its signing of the photo log can help with a persistent network outage is harder to understand? It does need a specific mental picture to see how it makes sense. I'll try to have more diagrams to explain.

But yeah the "random mosaic" with rice and beans is a great defense. My view is that these together can form a defense in-depth.

↑

Show HN: Tripwire: A new anti evil maid defense