Quote from: pine on September 09, 2012, 11:36 am
> Quote from: LouisCyphre on September 09, 2012, 11:05 am
> > You're making the assumption that data needs to be transferred bidirectionally across the air gap. The purpose of this software is to parse data in the SR order table and produce printed labels or envelopes. Once the data is transferred from the system accessing Tor and SR to one with no connectivity except to a printer, there is no requirement to transfer any data back at all.
> >
> > Once the printing, packaging and posting is done the vendor just logs back into SR and updates the order status as normal.
>
> Splendid idea in terms of security, separating PGP public keys from PGP private keys on two different machines. But I've yet to hear from these hordes of Air Gap using vendors. They are a figment of your imagination so far as I can see.

Quote from: pine on September 09, 2012, 11:36 am
> Because you know, I thought this software was to aid the business of decrypting addresses, not upgrading the vendor's operation security to be using Air Gaps.

It is. The sole purpose of the software is to take data, decrypt as necessary and rewrite the data for printing.

Quote from: pine on September 09, 2012, 11:36 am
> I'm pretty sure this only occurred to you inside this thread, you admit the use of Air Gaps was not part of the original plan, right? It's not in your advertisement anywhere. This was an afterthought. Is that something you're able to admit? If you're not going to update your advertisement it's just this thought experiment you had this one time.

The original concept, which has not changed, is to provide a streamlined method of getting data from SR to a printer. The code does not make any network connections whether a network is available or not.
I don't really care personally whether someone employs an air gap or not, that's up to them.

The air gap idea only entered the discussion when you and Kmf started trying to demonstrate how an exploit could work if there was not an air gap in place. Which is when I pointed out that if networked code was included an error would be generated if a network was not available. I then pointed out that if an air gap was used and no error message was triggered then it would go some way to proving that it didn't try to open a socket anywhere.

Now that only goes some way towards the proof, because it is possible to write code to redirect all the output to the bit bucket. Here's an example from stackoverflow.com of how to do that:

Code:

    import sys

    # File-like object whose write() discards everything it is given.
    class DevNull:
        def write(self, msg):
            pass

    # From here on, tracebacks and error messages are silently dropped.
    sys.stderr = DevNull()

The easy way to spot that, though, without even reading the code is to run any of the code with files missing (e.g. the CSV files). If the Python traceback messages appear complaining about the files being missing then stderr is not being rewritten.

Since I used traceback errors during development with the original vendor, that's a good indication that I didn't use the above or anything like it. Still, I don't expect you to believe that, I'm just mentioning it because it happened.

Quote from: pine on September 09, 2012, 11:36 am
> Since using Air Gaps is so simple, your customers should have no trouble going over this new paradigm according to you. Amongst other things, I contest that, it's a rather exotic thing you're expecting us to believe.

I don't really care whether they do or they don't.
I've only used an air gap as an example of a system configuration with no network access when attempting to explain that the code does not need network access and contains no exploit which would need one.

That said, encouraging vendors to use an air gap is worthwhile.

Quote from: pine on September 09, 2012, 11:36 am
> I cannot comprehend how your customers are expected to adopt tippy top best practices, when the real security vulnerabilities lie with trusting yourself. Your No.1 goal should be removing the necessity of trusting LouisCyphre and replacing it with cryptographic forms of trust from the outset.

Well, customers will receive a gzipped tarball or zip file that is encrypted to them, encrypted to me and signed by me so that they can be sure that what I send them really does come from me. Checksums won't help as much as you think, except to help me prove that any code that someone obtains from me and posts here really is what I am selling.

As for trusting me, or not, I never claimed that they should. Which is why I wrote the code in a way that enables it to be run on an unconnected system. Physical trust beats cryptographic trust every time.
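
An added example, not part of the original post and not the poster's code: a static check that can be run over a Python script before it is used, flagging the `sys.stderr` rebinding shown in the DevNull snippet and imports of networking modules. The function name `audit_source` and the module list are assumptions made for this example, and the script under review is assumed to parse as Python 3.

```python
import ast

# Modules that can open network connections; an assumed, non-exhaustive list.
NETWORK_MODULES = {"socket", "ssl", "urllib", "urllib2", "httplib", "http",
                   "ftplib", "smtplib", "telnetlib", "asyncio", "requests"}
STREAMS = {"stderr", "stdout"}


def audit_source(source, filename="<script>"):
    """Return sorted (line, finding) tuples for one Python source string."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            names = [node.module or ""]
        else:
            names = []
        for name in names:
            if name.split(".")[0] in NETWORK_MODULES:
                findings.append((node.lineno, "network import: " + name))
        # Rebinding sys.stderr / sys.stdout, as in the DevNull snippet.
        if isinstance(node, (ast.Assign, ast.AugAssign, ast.AnnAssign)):
            targets = node.targets if isinstance(node, ast.Assign) else [node.target]
            for target in targets:
                for sub in ast.walk(target):
                    if (isinstance(sub, ast.Attribute) and sub.attr in STREAMS
                            and isinstance(sub.value, ast.Name)
                            and sub.value.id == "sys"):
                        findings.append((node.lineno, "rebinds sys." + sub.attr))
    return sorted(findings)


# Constructed sample: the DevNull snippet from the post plus a socket import.
SAMPLE = '''import sys
import socket

class DevNull:
    def write(self, msg):
        pass

sys.stderr = DevNull()
'''

if __name__ == "__main__":
    for line, finding in audit_source(SAMPLE):
        print("line %d: %s" % (line, finding))
```

A static pass like this misses imports and stream redirection performed dynamically (for example through `exec` or `__import__`), so it complements the missing-file traceback test described in the post and does not replace it.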