The Phuctored and the Phucked

(8/16 Update: 113 moduli.)

Phuctor has been under lightweight but rather reliable DDOS in recent times, so here is a mirror of the list of 106 moduli broken up through the time of this writing.

Certain professional idiots have been bashing their heads against the wall in a futile effort to magic away the past.  To them, my message is:

  1. It won’t work.
  2. Go to hell.
  3. The data set is in permanent public record.  Go ahead, keep censoring SKS mirrors.  We still have the originals.
  4. We will discover who planted the diddled keys, when, and why.

If your name appears on the list (or the current version thereof), please write to Mircea Popescu or to me! (Please keep in mind that letters not bearing a PGP signature – the basic minimal standard for personhood on the Net – are likely to be ignored – or, alternatively, subjected to public display and ridicule for our amusement.)

Phuctor Broke Several RSA Keys.

(5/20 Update: This.)

(5/18 Update: Tired of the contemptible media disinformation and faux-reporting on this subject? For some fresh air, see Mircea’s article, ‘On how the factored 4096 RSA keys story was handled, and what it means to you.’)

Phuctor, “The RSA Supercollider,” is a long-term collaborative project of yours truly and Mircea Popescu.

I am pleased to announce that we have now broken a 4096-bit RSA key, as well as its factor-sharing counterpart (yet to be determined, but won’t wait for long!)

At five minutes prior to the time of this writing, another pair of keys has also been broken.  See Mircea’s site for updates.

Readers who wish to learn more about this project are invited to join Mircea, myself, and many other fine folks on Freenode in IRC channel #bitcoin-assets. Click here for a WWW-based gateway. Politely privmessage an “up please” to one of the regulars to get speaking rights.


Edits, Corrections:
1 ) Threads on Reddit, Hacker News. (5/18: If you care to read these, do it while they’re still up.)
2 ) Selected hate mail. Will update this section if any more contenders for this list should appear.
3 ) May 17 ~16:10 EST: Aaand we got another! A GNU developer, like the first. Which makes for six phuctorable keys, three of which are presently known to me.
4 ) Before joining the chorus of ‘Holy shit, they broke RSA!’ or ‘This is false advertising, they didn’t really do anything!’ imbeciles, please consider reading the (one whole page!) description of what Phuctor actually does.
5 ) If you are in the service of the enemy, and think that you can somehow prevent or retard the search for weak (weak for whatever reason! I don’t weaken them, only search…) fielded RSA keys, think again. The data set is public in its entirety, and the experiment can be replicated by a schoolboy with minimal sweat. Go ahead and remove the diddled keys from public servers, if you like. We have copies.
6 ) This is addressed to the same fine folks as #5. Your efforts to bury the story in FUD and hastily-concocted disinformation are riotously funny. Please carry on.
7 ) Consider getting your tech news from journalists who can spell. (Seriously, ‘Phunctor’ ?!)
8 ) (5/18) We found a number of moduli, including several pairs which share a large composite factor.  Stay tuned.
9 ) Folks who believe that ‘anyone can insert anything into SKS‘ are invited to replace my key there with their own.
10 ) (5/19) As of today, there are 10 broken moduli.

Practical Blockchain Telegraphy.

Mircea Popescu writes:

‘Now making an irc channel is quite the pleasant experience : you create something out of nothing, get to name it and are now the boss of it. For a generation devoid of proper “empire building” avenues, this is about as cool as it gets. So you can do anything you wish, right ? Your channel, your rules, that’s the deal! … But all is perhaps not quite right in this world. Driven by a deep seated intuition that perhaps no, perhaps this isn’t the deal, perhaps the whole charade’s an illusion, the kids in question move compulsively to test it. So they dump child porn or stolen bank credentials or whatever it is that’s taboo in the larger society they fear they might have failed to individuate from. … So how did the story end ? Why, with the Freenode admin pointing out that no, you can’t ban Freenode admins from your Freenode channel. Because while it is “yours”, it is nevertheless… a Freenode channel. And so the adventure came to an end, the kids weren’t interested in wasting time with the rotten foundation of pretend-ownership, and pretend-control and pretend-alodial, and Freenode wasn’t interested in wasting time with some users that were inclined to verify the limits of “your” and “yours”.’

At this point, the tale is familiar – in one form or another – to nearly everyone with an Internet connection. But, as Mr. P points out, we are now reasonably well-equipped to change the story’s ending:

‘So yes, because Bitcoin now I can have, if I feel like it, an irc network that works exactly the way those kids’ didn’t, a decade ago. They had no choice but to go home and cry about it, about their failure, about their dashed dreams and hopes, yet guess what : I do.’

The exact mechanics of this hypothetical network were left as ‘an exercise for the alert reader.’ Let’s explore one possible solution to the exercise!

What follows is perhaps the most obvious conceivable recipe using the ingredients at hand. The ’server’ and each ‘client’ need only a standard copy of ‘bitcoind.’ The clients – at least initially – will each need a certain amount of Bitcoin.

First, the engineering envelope – the smallest and largest useful transaction for this blockchain abuse.

Let’s start with the lower bound. Bitcoin transactions containing outputs of less than 0.01 are discouraged by the network (miners demand extra ‘fee’ to incorporate such a transaction into a block.) Hence all outputs must exceed the ‘dust constant.’

As for the upper bound: the Bitcoin protocol gives us 8 bytes for a transaction amount (in units of satoshi, 1×10^-8 BTC.) However, we cannot use all eight bytes for payload – unless the channel is to be inhabited solely by royalty.

So let’s pick an ‘amplitude’ range: an amount of 0.01001 to 0.01256 BTC for each individual byte of the payload.

But now we are faced with the fact that a Bitcoin transaction will only be incorporated into the blockchain in a timely manner if a ‘miner’s fee’ (traditionally, 0.01 or so) is included. So we do not want one transaction per byte of payload. Hence, an engineering compromise is suggested:

The ’server’ creates a ‘channel’ by generating a certain number (let’s say 32, but this is not a critical constant) of Bitcoin addresses (public/private key pairs) - A1A2, … AN.

Server and client alike decode messages by examining the Bitcoin blockchain and parsing out amounts sent to these addresses. No use is made of ‘exotica’ – i.e. human-readable fields of the Bitcoin transaction, and other ‘garbage’ that might conceivably end up pruned from the blockchain in the future.

The only distinction between the server and the clients is that the server is the fellow who has the private keys to the address array. The one and only responsibility of the server is to re-send the coins back to the originators (selectively! see below.)

What ideal value of N to pick for AN? This is left as an exercise for the alert reader. Consider that miner’s fees increase with ‘mass’.

A client may speak on the channel by emitting a transaction of the following form:

bitcoind sendmany “” ‘{”A1″:0.01256,”A2″:0.01256,”A3″:0.01256}’

This transmits the string 0xFFFFFF. If a string longer than N is to be transmitted, the address index must simply loop around. So, if we wish to ’speak’ the ascii string ‘foobar’:

bitcoind sendmany “” ‘{”A1″:0.01103,”A2″:0.01112,”A3″:0.01112}’

bitcoind sendmany “” ‘{”A1″:0.01099,”A2″:0.01098,”A3″:0.01115}’

Two transactions. If we assume a miner’s fee of 0.01 BTC included with each, the total cost of transmission is 0.08639 BTC (about $50 USD in today’s exchange rate.) Yes, 19th century ‘Western Union’ telegraph looks like a bargain by comparison. But see below.

We can easily anticipate the objection: “No one would speak on this telegraph – they would soon go broke.”

The answer: the channel operator would return the coin to the originating address. Not immediately, of course (minimizing transaction fees.) And, naturally, not to everyone – merely those who are welcome guests in the channel. Unwelcome guests (spammers, and bozos of any and all other species) will find that they have stumbled into a ruinously expensive waste of time – because they will never see their coin again. (What to do with the ‘bozo coin’ is for the operator to decide. He can buy beer with it, pay for his bandwidth, or parcel it out to the welcome guests – whatever pleases him.)

Thus, we have an automatic moderation mechanism. Likewise, we get cryptographically-strong identity ‘for free’ – originating addresses of the transactions become user identities (they can be matched with human-readable names in some agreed-upon fashion, e.g. using a magic ‘hello’ packet.) We likewise get a ‘free’ perpetual log of the channel conversations.

If the system is run as a closed loop, the only ultimate cost to the operator and clients is the accumulated miner’s fees – which can be minimized by choosing a large N for the address array, and by returning the coins to their originators in infrequent (e.g. weekly) parcels.

The mechanics of this ‘chat’ apparatus will encourage brevity – and perhaps, clarity of thought. Or, alternatively, it could easily degenerate into a kind of mournful ‘twitter.’ Only one way to find out…


One obvious criticism – ’slow.’ Sure, we can wait eight minutes for a confirmed transaction. Or we can parse immediately. Depends on one’s taste.

Tungsten Will Melt in Your Mouth!

But, of course – it won’t.

But let’s imagine that it were in someone’s financial – hell, geopolitical! interest – to convince the public that it will. The New York Times editorial might go like this: ‘you may have heard of tungsten, a metal, just like gallium; the latter, a favourite among stage magicians for melting at body temperature…’

Now, it is possible that accounts of luscious, easily-melted tungsten have yet to be printed in your friendly local fishwrapper merely on account of there being no one who wishes to pay for communicating this ‘fact’ to us. But I can’t help but suppose that there are other forces at work here.

Consider, for instance, the equally-factual statements Bitcoin can be counterfeited at will and has no use value’ – or ‘being pwned is an inevitable fact of life’, or…

Somewhere between ‘tungsten melts in your mouth’ and the above ‘facts,’ there lies a kind of boundary. A line which professional liars cross at their peril. If there is an accepted, traditional term for this, I should like to learn it.

Trilema 2014

I had the honour of being invited to Trilema 2014 in Timișoarawhere I exhibited a few completed gadgets.

Mircea Popescu - friend, co-author, host of the party.

Left: Mircea Popescu - friend, my project co-author, host of the party. RNG is running.

Popescu - helping me tell the story behind the exhibits.

Popescu - helping to tell the story behind the exhibits. And happily philosophizing about many other things.

Audience - other guests, who can name themselves if they feel like it.

Audience - other guests, who can name themselves if they feel like it.

More pictures at Mr. P’s site.

Comrade Ogilvy Nakamoto.

From the ‘Dear Idiots, ‘1984′ is Not a How-To Guide’ department:


He might turn the speech into the usual denunciation of traitors and thought-criminals, but that was a little too obvious, while to invent a victory at the front, or some triumph of over-production in the Ninth Three-Year Plan, might complicate the records too much. What was needed was a piece of pure fantasy. Suddenly there sprang into his mind, ready made as it were, the image of a certain Comrade Ogilvy, who had recently died in battle, in heroic circumstances. There were occasions when Big Brother devoted his Order for the Day to commemorating some humble, rank-and-file Party member whose life and death he held up as an example worthy to be followed. Today he should commemorate Comrade Ogilvy. It was true that there was no such person as Comrade Ogilvy, but a few lines of print and a couple of faked photographs would soon bring him into existence.

Winston thought for a moment, then pulled the speakwrite towards him and began dictating in Big Brother’s familiar style: a style at once military and pedantic, and, because of a trick of asking questions and then promptly answering them (‘What lessons do we learn from this fact, comrades? The lesson — which is also one of the fundamental principles of Ingsoc — that,’ etc., etc.), easy to imitate.

At the age of three Comrade Ogilvy had refused all toys except a drum, a sub-machine gun, and a model helicopter. At six — a year early, by a special relaxation of the rules — he had joined the Spies, at nine he had been a troop leader. At eleven he had denounced his uncle to the Thought Police after overhearing a conversation which appeared to him to have criminal tendencies. At seventeen he had been a district organizer of the Junior Anti-Sex League. At nineteen he had designed a hand-grenade which had been adopted by the Ministry of Peace and which, at its first trial, had killed thirty-one Eurasian prisoners in one burst. At twenty-three he had perished in action. Pursued by enemy jet planes while flying over the Indian Ocean with important despatches, he had weighted his body with his machine gun and leapt out of the helicopter into deep water, despatches and all — an end, said Big Brother, which it was impossible to contemplate without feelings of envy. Big Brother added a few remarks on the purity and single-mindedness of Comrade Ogilvy’s life. He was a total abstainer and a nonsmoker, had no recreations except a daily hour in the gymnasium, and had taken a vow of celibacy, believing marriage and the care of a family to be incompatible with a twenty-four-hour-a-day devotion to duty. He had no subjects of conversation except the principles of Ingsoc, and no aim in life except the defeat of the Eurasian enemy and the hunting-down of spies, saboteurs, thought-criminals, and traitors generally.

Winston debated with himself whether to award Comrade Ogilvy the Order of Conspicuous Merit: in the end he decided against it because of the unnecessary cross-referencing that it would entail.

… Comrade Ogilvy, unimagined an hour ago, was now a fact. It struck him as curious that you could create dead men but not living ones. Comrade Ogilvy, who had never existed in the present, now existed in the past, and when once the act of forgery was forgotten, he would exist just as authentically, and upon the same evidence, as Charlemagne or Julius Caesar.’

‘1984.’ George Orwell.


‘He’s wearing a rumpled T-shirt, old blue jeans and white gym socks, without shoes, like he has left the house in a hurry. His hair is unkempt, and he has the thousand-mile stare of someone who has gone weeks without sleep. …

Nakamoto did not get along with his stepfather, but his aptitude for math and science was evident from an early age, says Arthur, who also notes, “He is fickle and has very weird hobbies.”

Just after graduating college, Nakamoto went to work on defense and electronics communications for Hughes Aircraft in southern California. “That was just the beginning,” says Arthur, who also worked at Hughes. “He is the only person I have ever known to show up for a job interview and tell the interviewer he’s an idiot – and then prove it.” …

Two weeks before our meeting in Temple City, I struck up an email correspondence with Satoshi Nakamoto, mostly discussing his interest in upgrading and modifying model steam trains with computer-aided design technologies. I obtained Nakamoto’s email through a company he buys model trains from.

He has been buying train parts from Japan and England since he was a teenager, saying, “I do machining myself, manual lathe, mill, surface grinders.”

The process also requires a good amount of math, something at which Nakamoto – and his entire family – excels. The eldest of three brothers who all work in engineering and technical fields, Nakamoto graduated from California State Polytechnic University in Pomona, Calif., with a degree in physics. But unlike his brothers, his circuitous career path is very hard to trace. …

Dorian S. Nakamoto’s use of English, she says, was likely influenced by his lifelong interest in collecting model trains, many of which he imported from England as a teenager while he was still learning English.

Mitchell suspects Nakamoto’s initial interest in creating a digital currency that could be used anywhere in the world may have stemmed from his frustration with bank fees and high exchange rates when he was sending international wires to England to buy model trains. “He would always complain about that,” she says. “I would not say he writes flawless English. He will pick up words and mix the spellings.” …

“He is very wary of government interference in general,” she says. “When I was little, there was a game we used to play. He would say, ‘Pretend the government agencies are coming after you.’ And I would hide in the closet.” ‘

‘The Face Behind Bitcoin.’ Leah McGrath Goodman. (Newsweek.)

Modern Chumpatronic Engineering.


A reader recently asked me to comment on the demise of MtGox and its implications for Bitcoin enthusiasts.

I refused to do so, on account of the MtGox scam having been thoroughly beaten to death elsewhere – long before the recent and final convulsive fit people erroneously describe as ‘its demise.’ – The unwashed masses, eager to be fleeced, have no plans to listen now, just as they did not listen then.

So, instead, I wrote this.


In the English-speaking world, the period of lawless bacchanalia “enjoyed” by millions of people in the decade following the Soviet collapse is sometimes called the “Roaring ’90s.” 1

Just as much of the nautical terminology used by modern sailors was born during the famed “age of sail,” an epoch of “bold and free experiments” in the fields of… fraud, corruption, murder – likewise gave us a wealth of new “terms of art.”

Useful, catchy words for the defining concepts of an era tend to migrate, slowly but surely, across cultural and linguistic boundaries. But, since words are not themselves alive, they cannot do it without some help. So, like many other people, I intend to do my fair bit to help them.

You have already met our old friend, rectothermal cryptoanalysis. (I should hope – in the written word, rather than in person!) Now meet the Chumpatron (Лохотрон) – a short and self-documenting term, encompassing a variety of concepts essential to the daily life of modern man.

A chumpatron is not necessarily a physical contrivance, like a cyclotron. Although it can be. Modern, state-of-the-art chumpatrons tend to rely heavily on automatic machinery. But the machinery alone never suffices, for its operator must always take care to bring the machine fuel. That is to say, chump (Лох.) To be fair, chumps are not the fuel per se – merely the containers in which fuel is packaged and transported.

The fuel of a chumpatron is not necessarily money, as a naive reader might suppose. It could be something else entirely. But more often than not, it is something that, when reprocessed (perhaps in another kind of chumpatron) can be alchemically-converted into wealth. The chumps, as we noted above, are not necessarily consumed when the fuel is burned – being mere containers; and containers are often re-usable! In fact, these particular containers have arms, legs, and rudimentary nervous systems – and will, if correctly cared for, amble about the world semi-autonomously and gather more… fuel for the chumpatron.

A chumpatron, given as it converts human beings, their labour, hopes, aspirations, etc. into something tangible and useful for its master can easily be confused with other types of machines. Say, a biodiesel fermenter. But it is not the same thing! Anyone with the ill-fortune to end up in a biodiesel reactor will be fermented. But there is nothing fortuitous or accidental about ending up in a chumpatron.

The defining attribute of a chumpatron is that it does not run on just any kind of human being, but on chumps in particular. A conquering war-machine which practices ordinary, traditional enslavement of the conquered (with or without reprocessing into biodiesel!) is therefore not a chumpatron. The fuel-containers for a chumpatron carry out their duties on their own free will.

The chumpatron is more usefully-specific concept than the ordinary English word “scam” – because it implies an automatic, mechanical regularity to the workings of the people-to-resource converter. This is a considerable improvement on mere scamming – which is a somewhat unreliable, labour-intensive, and, more importantly – risky – affair. The perpetrator of an ordinary scam, should he fail to abscond with the proceeds in a timely manner, is liable to face some angry victims and perhaps some sharp pointed sticks. The operator of a chumpatron, on the other hand, can operate the mechanism by remote control. The highest grade of Chumpatronic Engineer can even make use of chumps directly in the machine’s control system, thoroughly shielding himself from the inevitably hot, fast-moving fragments of an exploding chumpatron (perhaps the only well-known, established fact about chumpatrons is: they tend to explode. Though almost never without some warning.)

When chumps find their way into a chumpatron, they tend to emit a variety of crunching and squeaking noises, as the gears turn, grind, and empty them of their useful contents. If you are not yet in the gears, have not yet been emptied – and would like to stay out, and remain full – you can try to learn something from these noises. But it will be, by and large, a waste of time. Don’t listen to the noises. Instead, learn from other people. For example, from people who have stood near the hopper, but at a safe distance – and have not wound up inside despite the mighty suction of the intake manifold.

One could spend years in the study and cataloging of chumpatrons. And others have done this, and you, dear reader, are invited to learn from them. One such man is the well-known Dmitri Orlov. Whether or not you agree with his uncommonly poor health prognosis for modern civilization, his analysis of today’s subject – how chumps find their way into a chumpatron – is worth considering:

“…the first hurdle, for many people, is in understanding what trust actually is, because there is no innate human quality called trustworthiness, possessed by some people, lacking in others. Rather, it is more along the lines of a generalization concerning a given individual’s behavior over time, within a given relationship. Trust is transactional: a person needs a reason to trust you, and you need a reason to trust that person. There is, however, such a quality as trustfulness: this is the property of small children, tame animals and, most unfortunately for them, many regular, salt-of-the-earth, mainstream Americans. It is of negative survival value in the context of financial collapse. It is being exhibited for all to see by some of the people who recently lost money when MF Global stole it to cover some private bets it had made. They licked their wounds, complained bitterly, and then…went looking for another financial company—to be taken advantage of again. Since the head of MF Global wasn’t punished, why wouldn’t another company do the same to them, knowing that it can do so with impunity? There also seems to be a certain set of traits possessed in abundance by a category of highly effective American financial operators that makes it easy for them to prey on trustful people. It may be the suits they wear, or the English they speak or their general demeanor—let us call it “trustiness,” to go along with the “truthiness” of their financial disclosures. Deep down, trustful people feel privileged to be robbed by such superior specimens. The predator-prey relationship has been honed to the fine point of a pen: told to sign their life away on the dotted line, the besotted, trustful American gulps quietly—and signs.”

Dmitri Orlov, “The Five Stages of Collapse.”

“…we need a word that describes the artifacts generated in response to irrational actors who demand to be fooled. As the old saying goes, “A fool and his money are soon parted” – at the fool’s own insistence, no less! If the deer comes out of the forest and walks up to the hunter, it is not proper hunting, and this is not proper con artistry or grift or embezzlement or any other term we use to describe proper works of evil. If the victim, at the sight of the economic predator, goes into doggie submission, we must stop discussing the phenomenon in terms of conflict and consider whether what we are observing might be some strange instance of symbiosis.”

Dmitri Orlov, “Welcome to Fuffland!”

If you have read this far, and happen to be one of the people who suffered from the collapse of MtGox, learn to recognize yourself in Mr. Orlov’s zoological portrait.

Given as falling into a chumpatron is entirely voluntary, you can easily opt out of doing so if you can 1) decide that you do not want to, and 2) learn to distinguish the business end (hopper) of an operating chumpatron from your everyday surroundings (I should hope that there is, at the present time, a difference!)

For instance, was MtGox a proper, free-standing automatic chumpatron in its own right, implementing the entire “fuel cycle?” Or was it merely one component of a larger chumpatron? That is, a media machine which made sure that every glossy magazine page mentioning Bitcoin would take care to also mention “MtGox, the premier Bitcoin exchange…” And now that MtGox is gone, are you in search of a new, improved, glossier magazine, so that you can be introduced to a new MtGox, in which you can lose whatever remains of your coin?

Are you eager to trust your cryptographic private keys to some “trustworthy” fellow, by using Bitcoin “banks” – or otherwise?

If so, you are fuel, and you belong in a fuel tank. If you do not care to be fuel, use your gifts as an advanced living organism (e.g. nervous system) and learn to identify and evade your predators. You don’t even need a human brain for this – the brain of an insect will easily suffice. But you must use it.


  1. Perhaps there exists a more flavourful and/or historically-analogous translation of what those who lived through this period called it. But Americans, generally familiar with “The Roaring ’20s,” probably understand the basic idea. 

Mechanics of FLUXBABBITT.

The public discovery of FLUXBABBITT, a modestly-clever American spy gadget – that may or may not have been “fired in anger” yet – has provoked the usual flood of media garbage (“JTAG is a Chinese back door! Threat or menace?”) What follows is some basic investigation regarding the plausible workings of this device, based only on:

  • The leaked document itself.
  • A friend’s disassembled “Dell PowerEdge,” of several years’ vintage.
  • Intel’s published documentation for their “XDP” port.

Here is the port in question:

XDP socket in Dell PowerEdge - Depopulated.

XDP socket in Dell PowerEdge - Depopulated.

If you doubt your lying eyes, run – not walk – to your server closet and pop a Dell machine of recent manufacture. Remove the cooling duct cover. Look near the rear or front-most edge of the motherboard. You will find a similar picture.

But, threat or menace? Let’s find out; straight from the horse’s mouth:

3.10 Depopulating XDP for Production Units

At some point there may be a desire to remove the debug port from production units. It is recommended that the port real-estate and pads remain in place if they need to be populated for a future problem. Depopulate all physical devices (connector, termination resistors, jumpers) except: Termination of OBSFN_x[0:1] / BPM[4:5]# / PREQ#, PRDY#; Termination of TCK; Termination of TDI; Termination of TMS; Termination of TRSTn.

Intel Corp., “Debug Port Design Guide for UP/DP Systems.” p. 24.

Not exactly a bog-standard JTAG port (there is, in fact no particular standard for the socket, really; only for the bottom layer of the protocol) – from here you can access CPU registers, view and edit the contents of memory, issue bus read/write cycles, etc. AMD includes a similar (though incompatible) port in some of its products.

Presumably, FLUXBABBIT injects a little bit of nasty directly into RAM at boot time – quite like a traditional MBR infector. The somewhat-exotic delivery mechanism is there to counter a possible audit of the system firmware. (Why this audit would not be expected to include a basic physical inspection of the machine’s internals is a question that should be asked of our dear friends at Ft. Meade, not me.)

JTAG and other debug connectors are routinely found in mass-market products. The manufacturer often succumbs to the temptation of shaving a few pennies of unit cost by omitting the actual connector. This is what the leaked document refers to as “depopulated” (in fact, a standard term-of-art in electronics manufacture.)

The only thing even vaguely suspicious about Dell’s particular phantom debug port is: the pre-tinned solder pads. This could, however, be a mere artifact of the plating process undergone by the motherboard, rather than a deliberate helping hand for our favourite intelligence agency. (Attaching the missing connector would take all of five minutes for a fellow with a steady hand, a solder paste stencil, and a hot air machine – with or without pre-tinned pads.)

And regarding the doings of spies in general: there is really no limit as to what can be done to a physically-molested computer. Focusing on this particular feature is just the kind of tunnel-vision typical of the Computer Insecurity community.

If you’re wondering why there is no FLUXBABBIT in your own Dell, take comfort: the product is almost certainly obsolete. That is, rendered obsolete by “pwning” at design time. Physical molestation is reserved for archaic or otherwise uncooperative machinery.

Cardano Prototype Tidbits: TRNG Boards.

Cardano is a joint project of yours truly and Mircea Popescu. The objective: an inexpensive, user-auditable gadget which attempts to deal with the problem discussed in “Don’t Blame the Mice.” Refer to Mr. Popescu’s page for more details.

The device consists of a mainboard (not yet complete) to which two TRNG modules, containing two equivalent analog TRNG circuits (outputs subsequently XOR-ed) each, are connected. (First prototype of this type of TRNG is shown here. It contained one circuit of the kind used in the current version. Statistical analysis of the output for that unit can be seen here.) The design of this and other Cardano components will be documented in excruciating detail and published after the product goes on sale.

Some prototype tidbits! Click on the images to enlarge:

SMT reflow using an ordinary Electric Hob.

SMT reflow using solder paste on an ordinary Electric Hob.

Five units, complete except for header and shield anchor. Ready for Bed of Nails test rig.

Five units, complete except for header and shield anchor. Ready for Bed of Nails test rig.

Inspection under Microscope (actually a very spiffy stereo scope, but naturally you cant see this here.)

Inspection under Microscope (actually a very spiffy stereo scope, but naturally you can't see this here.)

Wanted: FLUXBABBITT.

By now, I imagine everyone with the slightest inkling of an interest in electronics has seen this scandalous tidbit:

The widget in question, two variants.

The widget in question, two variants.

To anyone who has received this generous gift from his Government, I offer:

4 Bitcoin for either of the above, in working condition. 1 Bitcoin for a dead or untestable unit.

Serious inquiries only! Please attach two high-res photographs of your unit; one where it sits in its socket, and another, sitting on a white sheet of paper.