THE MYTH OF
AIR-GAPPED NETWORKS

We needed to generate the Root CA keys for Ronin's internal signing infrastructure. This is the "Crown Jewels" of our security. If these keys leak, we are dead.

The standard procedure is simple: Buy a laptop. Never connect it to the internet. Generate keys. Store in a safe. We thought that was enough. Then we read the research papers on Acoustic Cryptanalysis.

1. Computers Scream

You think your computer is silent? It isn't. The CPU voltage regulators vibrate (coil whine). The fans spin at specific frequencies.

Researchers have proven that malware can infect an air-gapped computer (via a USB drive) and then exfiltrate data by modulating the speed of the cooling fans to transmit ultrasonic sound waves. A nearby smartphone can "hear" these waves and decode the private keys.

The data transfer rate is slow (bit per hour), but keys are small.

2. Physical Hardening Protocol

We realized we couldn't just use a MacBook off the shelf. We had to perform surgery.

We bought an old ThinkPad T440p (the tank of laptops) and took it to the workbench. Here is what we removed:

3. The Faraday Cage

Sound isn't the only vector. Tempest attacks can read the electromagnetic radiation emitted by your monitor cable from across the street.

We built a Faraday Cage in the basement of our Travnik HQ. It is essentially a copper-mesh tent grounded to the building's water pipe.

When we need to sign a new intermediate certificate, two senior engineers enter the cage. They leave their phones outside. They use a fresh, verified USB stick to transfer the request. They sign it. They destroy the USB stick.

4. Is This Overkill?

Probably. We are a deployment platform, not the NSA.

But security is a mindset. If we are this paranoid about our internal keys, imagine how paranoid we are about your keys.

We don't trust "Software Isolation." We trust Physics.

WE TAKE SECURITY SERIOUSLY

Your environment variables are encrypted at rest using keys generated in that basement.