For every Orthrus sold, $5 will be donated to the EFF to support the right of everyone to have and use strong encryption.
Orthrus is a way to securely store data in two parts such that separately each part is useless, but together the data is available. It uses world-class cryptography without the need to manage or safeguard any secrets.
It is a board with two microSD card sockets and a microUSB socket. You connect the microUSB socket to a host with a standard cable and it looks like a normal USB mass storage device. When you insert two cards and initialize them with the on-board button, the two become an encrypted RAID-0 volume with the key material for the encryption spread between the two cards. If you remove one of the two cards, you'll find that all of the data on it is encrypted. If you have possession of one of the cards, you have half the data encrypted with a key you can't reconstruct.
In order to create cryptographically strong keys, a true random entropy generator is used. The result should be truly unpredictable keys every time.
Orthrus has no passwords or other built-in security. When two matched cards are inserted, it behaves exactly like any other USB mass storage device.
Orthrus comes as an assembled and programmed board. Two SDHC or SDXC microSD cards and a USB microB cable are required and not included.
Optionally, Orthrus can be purchased installed in a laser cut acrylic case with security seals. The seals and case prevent an adversary from erasing the firmware and replacing it without it being obvious that the case has been breached. To facilitate field firmware updates, replacement security seals are available here.
There are many use cases that Orthrus facilitates easily. If you have a dataset over which you wish to maintain "two man control," then you can simply copy it onto an Orthrus volume and give the two cards to two people confident that by themselves each of them can't do anything. Or if you wanted to send data through the mail, you could dispatch each card separately confident that the data could not be inspected in transit.
If one card is lost, you can simply reinitialize or destroy the other card confident in the knowledge that if the first card is discovered by an adversary, they could make no use of it.
Orthrus volumes are encrypted with AES-256 XEX mode, with each card's nonce being stored on the opposite card. The nonce is also perturbed by the block number being read or written, so each block's cryptostream is unique. In addition, the AES key for the volume is derived with 256 bits of key data stored on each card and another 512 bits of common data using AES-CMAC-PRF. This common data ensures that two mismatched cards cannot be inserted (unless reinitialized). Each card is further marked with an "A" or "B" bit so that you can insert the cards in the "wrong" slots and Orthrus will still figure it out and do the right thing. An adversary attempting to reconstruct half of the data from one card would need to derive 352 bits of key material in total, which is a number of possibilities on the order of a 9 with 105 zeros after it. Orthrus' firmware is open-source so that anyone can examine it for weaknesses (intentional or otherwise). Barring a breakthrough in cryptanalysis, Orthrus' crypto-system should be resilient enough to force adversaries to find other avenues of attack.
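The key split described above, as an added sketch that is not Orthrus firmware code. HMAC-SHA256 stands in for AES-CMAC-PRF, and the `Card` layout, the 96-bit nonce length (chosen so that 256 + 96 matches the 352-bit figure above) and the nonce-plus-block-number tweak are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

NONCE_BYTES = 12  # assumed: 96-bit nonce, so 256 + 96 = the page's 352 bits

@dataclass(frozen=True)
class Card:  # hypothetical layout of the per-card metadata
    marker: str        # "A" or "B" bit written at initialization
    key_half: bytes    # 256 bits unique to this card
    peer_nonce: bytes  # nonce for the OTHER card's blocks
    common: bytes      # 512 bits identical on both cards

def initialize_pair():
    """Fresh random material for a matched pair, as at initialization."""
    common = secrets.token_bytes(64)
    nonce_a = secrets.token_bytes(NONCE_BYTES)
    nonce_b = secrets.token_bytes(NONCE_BYTES)
    return (Card("A", secrets.token_bytes(32), nonce_b, common),
            Card("B", secrets.token_bytes(32), nonce_a, common))

def order_pair(x, y):
    """Return (A, B) whichever slot each card is in; reject mismatched cards."""
    if {x.marker, y.marker} != {"A", "B"}:
        raise ValueError("need one A card and one B card")
    if not hmac.compare_digest(x.common, y.common):
        raise ValueError("cards are not from the same initialization")
    return (x, y) if x.marker == "A" else (y, x)

def derive_volume_key(x, y):
    """256-bit volume key from both halves plus the common data (stand-in PRF)."""
    a, b = order_pair(x, y)
    return hmac.new(a.common, a.key_half + b.key_half, hashlib.sha256).digest()

def block_tweak(x, y, card_marker, block_no):
    """128-bit tweak for one card's block: its nonce (held by the peer) + block number."""
    a, b = order_pair(x, y)
    nonce = b.peer_nonce if card_marker == "A" else a.peer_nonce
    return nonce + block_no.to_bytes(4, "big")

def bits_missing_with_one_card(card):
    """A single-card holder lacks the peer's key half and this card's own nonce."""
    return 8 * (len(card.key_half) + len(card.peer_nonce))
```
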
Orthrus is a high-speed (480 Mb/s) USB device. It generally achieves a read throughput of around 1.33 MB/sec (megabytes per second). It accepts SDHC or SDXC microSD cards.
United States Postal Service: Free first class shipping!
Patrickt | Oct. 10, 2017
I design and build small, useful electronic things. I started in 2013 after leasing an electric car and deciding that I could build my own charging station. Since then, I've gone on to design lots of things to fill particular needs.
The name of my store is partly a nod to Arduino's Italian roots, since Arduino got me into microcontroller engineering, and that led to everything else. I also like the image of Geppetto, working away in his workshop making little things that come to life.