> Oh, quite the contrary. It just forces the attacker to get clever.

If your server only sends data through an "outgoing data diode", then it does not expose any entry point (you just disable all services: no SSH, no ping, no HTTP... nothing). There is no way you can establish a connection to the server. How can you hack a server if you have absolutely no way to access it from the outside? It seems just impossible.
Now if you also use an "incoming data diode" to receive data, then you have no direct feedback. The only feedback you get is through the "outgoing data diode". It will be very difficult to get information about the server internals in this condition. Imagine: you have a black box and you try to model it from indirect feedback. Although it is theoretically possible, it would be very difficult. It all depends on the resources you intend to spend... Is the game worth the candle?

To make this task even harder, you can make the feedback very difficult to analyze. For example, you can voluntarily introduce randomness. GNUNET does it, for example. When you send a message to a node, you also send "fake" messages to many other nodes (chosen at random). A spy (man in the middle) could not distinguish between "fake" and "real" messages... You can also randomly delay the responses: measuring duration between responses won't give any usable information. These are just examples. You can think of many ways to make life harder for a "malicious man in the middle" that tries to reverse engineer your system by collecting and analyzing data collected by observing your black box.

Denis

On Tue, 28 Jul 2020 at 21:59, Robert J. Hansen <r...@sixdemonbag.org> wrote:
>
> > Have you heard about data diodes? If not, then you can read this
> > document
> > <https://owlcyberdefense.com/blog/what-is-data-diode-technology-how-does-it-work/>.
>
> Strange but true: although I can't claim to have been on the research
> team that invented the data diode, I *was* on the research team that
> invented the first cheap optical data diode. We packaged it up into an
> Altoids tin. Total materials cost was under $100, and most of that was
> spent on the custom PCB.
>
> > Data diodes are unhackable because it relies on the law of physics...
>
> Oh, quite the contrary. It just forces the attacker to get clever.
>
> Our paper from 2006:
>
> https://www.usenix.org/legacy/event/evt06/tech/full_papers/jones/jones_html/index.html
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
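The two tricks Denis mentions (fake messages to randomly chosen nodes, and randomly delayed responses) can be measured rather than argued about. The following is an added toy simulation written for this thread; it is not GNUnet code and not anything posted by the participants. The node count, decoy count, the two processing times (an assumed 10 ms for an accepted message and 50 ms for a rejected one) and the jitter range are all made-up parameters. An observer sits in the middle, sees only which nodes receive a message and how long each response took, and tries to recover the real recipient and the accept/reject decision.

```python
"""Toy model of cover traffic and random response delay against a
passive man in the middle.  Constructed for illustration; the node
count, decoy count, processing times and jitter range are assumptions,
not measurements of any real system."""
import random

# Assumed secret-dependent processing times (ms).  The server's decision
# is what the observer wants to learn from the latency.
ACCEPT_MS = 10   # message accepted: fast path
REJECT_MS = 50   # message rejected after an expensive check


def send_with_cover_traffic(real_target, n_nodes, decoys, rng):
    """Return the set of node ids the observer sees receiving a message
    this round: the real target plus `decoys` randomly chosen other nodes."""
    others = [n for n in range(n_nodes) if n != real_target]
    seen = set(rng.sample(others, decoys))
    seen.add(real_target)
    return seen


def cover_traffic_guess_accuracy(n_trials, n_nodes, decoys, seed=1):
    """Fraction of rounds in which an observer who only sees the recipient
    set picks the real target.  With k decoys the best it can do is a
    uniform guess, so this converges to 1 / (k + 1)."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(n_trials):
        target = rng.randrange(n_nodes)
        seen = send_with_cover_traffic(target, n_nodes, decoys, rng)
        guess = rng.choice(sorted(seen))   # sorted only for determinism
        hits += guess == target
    return hits / n_trials


def respond(accepted, max_jitter_ms, rng):
    """Observed latency: secret-dependent base time plus a random delay
    uniform in [0, max_jitter_ms)."""
    base = ACCEPT_MS if accepted else REJECT_MS
    return base + rng.uniform(0, max_jitter_ms)


def timing_guess(latency_ms, max_jitter_ms):
    """The observer's best rule when it knows both base times and the
    jitter range."""
    if latency_ms < REJECT_MS:
        return True    # a rejected message can never answer this fast
    if latency_ms >= ACCEPT_MS + max_jitter_ms:
        return False   # an accepted message can never answer this slowly
    return False       # ambiguous zone: no information, fixed fallback guess


def timing_guess_accuracy(n_trials, max_jitter_ms, seed=1):
    """Fraction of responses whose accept/reject decision the observer
    recovers from latency alone.  Without jitter the two base times are
    perfectly separable; with jitter wider than their gap the accuracy
    drops toward (but not to) a coin flip."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(n_trials):
        accepted = rng.random() < 0.5
        latency = respond(accepted, max_jitter_ms, rng)
        hits += timing_guess(latency, max_jitter_ms) == accepted
    return hits / n_trials


if __name__ == "__main__":
    print("no decoys   :", cover_traffic_guess_accuracy(4000, 100, 0))
    print("9 decoys    :", cover_traffic_guess_accuracy(4000, 100, 9))
    print("no jitter   :", timing_guess_accuracy(4000, 0))
    print("200 ms jitter:", timing_guess_accuracy(4000, 200))
```

Two things the numbers make visible: the cover-traffic defence degrades the observer exactly to a 1/(decoys+1) guess, at the cost of sending decoys+1 messages per real one; the random delay, by contrast, only narrows the leak. With a 40 ms gap between the two base times and 200 ms of uniform jitter, the observer still beats a coin flip (about 60% here) because latencies under 50 ms can only be accepts and latencies over 210 ms can only be rejects. Fixed-deadline padding (every response released at the same time after arrival) closes that residual channel where random jitter does not.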