[Cerowrt-devel] security guidelines for home routers

[Jonathan Morton]

> On 27 Nov, 2018, at 1:07 pm, Mikael Abrahamsson <swmike at swm.pp.se> wrote:
> 
> So we need to come up with a security regime that makes sense for the most amount of people, and then try to still cater to the ones who want to do more/less.

For most people, I think the "floppy disk" security model is usually appropriate - you can take your data out of your computer and put it in your pocket, where nobody can read it without physically stealing it from you first.  Unfortunately it's hard to apply using modern technology and paradigms, which try to move your data out of your house entirely, for "convenience" (and to trawl through it for great profitssss).

This is also, for example, why IoT devices and voting machines built using modern technology are perpetually insecure and unsecurable.

Currently, the easiest way to build a machine that's *truly* secure is to take something like a 6502 (which is still being manufactured by WDC) and associated 74AHC-series logic chips, SRAMs and EEPROMs, a 4-layer PCBs, all of which are built on crude enough technology to be physically examined for backdoor devices in an airport-grade X-ray machine if necessary.  Then write the necessary software in assembly, which can be translated to machine code (or at least verified) by hand if you're truly paranoid, and toggle it in byte by byte on the front panel.

Good luck getting a web browser running on one of those, though.

 - Jonathan Morton