121 lines
4.7 KiB
Plaintext
121 lines
4.7 KiB
Plaintext
|
|
|
|
-----BEGIN PGP SIGNED MESSAGE-----
|
|
Hash: SHA256
|
|
|
|
Powers of Tau Operational Write-up
|
|
==================================
|
|
|
|
Round: 18
|
|
Date: 2017-11-25
|
|
Name: Neal Jayu
|
|
Location: Boston, Massachusetts, New England
|
|
|
|
Hashes
|
|
======
|
|
|
|
challenge:
|
|
c2d62e5fdff19023554f21d19b86490470ac9a2860094d10397c666f9c6fc652
|
|
|
|
response (blake2b & sha256):
|
|
ef15cb99 7c331928 855dd7ce 42ade214
|
|
3033be18 5be45f3e eac5b95b b12777db
|
|
582992b0 a862c92a 1cba4e95 044c52f5
|
|
de857776 31462a0d c51d7a4f 846b9d7e
|
|
122efac62a11da143dca24e5facd33cf61ff2597e65aa4ff09aae89fe838c045
|
|
|
|
powersoftau-master.zip:
|
|
3a6db71b0bb9d39c3f58f2d51388560ab92b139d5066eb9b66c30580262309d7147289fb598926a5d99779935b30411b075504b2ebd0488335c6e9df5bf80e00
|
|
|
|
rust-1.22.1-x86_64-unknown-linux-gnu.tar.gz:
|
|
0fd3776a7fd38cbcbffe8a257836f9f5c0d04762af3107b93b8860b98b6d92b0912b4668c973d9f647a7a74b4855a5680cab042c3389c6158efee1b4640a60de
|
|
|
|
debian-9.2.1-amd64-DVD-1.iso:
|
|
b7afe686f36f9e26ac0888ca341572d2bf1fbe70c50acb6af822cf9e04318e5a3f974ebdfd91e1706758f0f2aa1a332462f3d74ecdaf69f0061849ac595e67df
|
|
|
|
Procedure
|
|
=========
|
|
|
|
After downloading the aforementioned files to my daily Linux machine, I
|
|
checked each's sha256/512 sum against published values, or in the case
|
|
of the Rust standalone, recorded its sha512 sum and verified its
|
|
signature file against the project's PGP key from Keybase.
|
|
|
|
I burnt the Powers of Tau zip, Rust standalone installer, Debian ISO,
|
|
and Memtest86+ to DVD/CDs; and copied the challenge file to a SanDisk
|
|
USB drive.
|
|
|
|
On the compute node (see Side Channel Defences below), I booted from the
|
|
Debian DVD, installed it to a Samsung USB drive, then booted the machine
|
|
from the USB drive.
|
|
|
|
Rust and Powers of Tau were copied from CD. Both sums were re-checked on
|
|
the compute node. build-essential was installed from the Debian DVD.
|
|
|
|
I connected Ethernet to run `cargo run --release --bin new` in order to
|
|
download and configure dependencies. Ethernet was removed once complete,
|
|
and the resulting challenge file deleted.
|
|
|
|
The provided challenge file was copied over and computation began. As
|
|
input, I used the results of two minutes of 20-sided dice rolls,
|
|
followed by arbitrarily selected words from a book extolling the virtues
|
|
of laissez-faire capitalism.
|
|
|
|
One complete, a hash of the response file was taken, copied to the
|
|
SanDisk USB drive, then uploaded to the AWS bucket via my daily machine.
|
|
|
|
Side Channel Defences & Postprocessing
|
|
======================================
|
|
|
|
The compute node was a disused 7-year-old Lenovo Thinkpad T420 borrowed
|
|
from a friend without foreknowledge of my intentions for it.
|
|
|
|
I removed the hard drive prior to booting the laptop. Although I did not
|
|
have permission to remove its radio devices, I activated its hardware
|
|
switch which purportedly disabled them.
|
|
|
|
Further, during the installation of the Debian instance onto the Samsung
|
|
USB drive, I declined to install drivers for the machine's wireless devices.
|
|
|
|
The computation was performed within living quarters with no particular
|
|
precautions taken save for watching Voyager at formidable volume and
|
|
inaudibly typing the entropy sources.
|
|
|
|
After copying the response file and Blake hash to the SanDisk USB drive,
|
|
I powered off the laptop and booted into the Memtest86+ CD. I allowed
|
|
Memtest to run for two full cycles (about 1.5 hours) then powered off.
|
|
|
|
I removed power and battery from the machine and intend to leave it
|
|
powered off for the foreseable future.
|
|
|
|
Archival
|
|
========
|
|
|
|
The Debian installation media, Powers of Tau repo, Rust toolchain, and
|
|
Memtest are on DVD/CDs which I've autographed.
|
|
|
|
The Samsung USB drive containing the Debian instance, and SanDisk USB
|
|
drive with challenge and response files (and their hashes), are both
|
|
LUKS-encrypted. As such, I don't expect these to be tampered with
|
|
following the operation.
|
|
|
|
I've sealed all five of the above media in a signed and sealed envelope,
|
|
which I've locked in a safe to which I alone posses the keys. They are
|
|
available to audit upon request.
|
|
-----BEGIN PGP SIGNATURE-----
|
|
|
|
iQIxBAEBCAAbBQJaHPG6FBxuZWFsamF5dUBrZXliYXNlLmlvAAoJEEakC/1Nia+r
|
|
iBwP/RQi1HIiuDoGKq5Dqv8fNr/eGUztUM/x4le3bgennM0vAomIgRuqoEZz1ng0
|
|
JYG+jelUVzx3mSbnSnq68J3t2Nn/BEYyPGUacw1+Vp0pfJOPLQSDIwk9fXQ6tiqJ
|
|
862XXvSHdUzmcvw1+bRXqkDm+uHuMWja6DNfznle7u+1WAPU51Cef6efh5xpA0Mk
|
|
wBUx9eOkxNvTrUZuyfdclfn2ZoMAlPwN+Xtw1aS4LtT6bsxR4Vpm+GFk/l5gQHyX
|
|
8E4mcHfRp5V2Lis3bOTdUegbp7ZjRHjL/VaZeRjW3nqslzFk6cP2gp3rzylJNyID
|
|
guKt8hhGE92t/RXmAdkyn41mmHuao9dVus8ocdAtzRG49wqDQXcfBlj+3hUuGtJP
|
|
v2cj7qlW4JXdGWQZTBLOTfegGIt+juBWBgszGqmrVeVFQ6A0EBDliND7hl4nk5R/
|
|
FMCGr1CBcZmLiNvgKbKf1H4w5dyGWwBszrnZJSuIGUZLcaPDKO8xouvB4Nk3exGC
|
|
2d/bYYpEq/P4DBiKfKnVPacxfeJTRWg32aZF4Z0D05UNW/SJ/sdUDvzyZ0LU/kdR
|
|
eZlm1wNLQjSapu+HcMnttdaGmY0FCDeIL8Ev6zUSfmjaKvRehsiw6jfjCNFY4BWq
|
|
UBZW7LgcU73KKO7e17JsL8g8pbS3XYpE7Vhzg16pjKqNHVRy
|
|
=0af3
|
|
-----END PGP SIGNATURE-----
|