ietf-openpgp

Re: [openpgp] SHA3 algorithm ids.

2015-08-18 09:33:49
On 8/16/15 at 8:47 AM, derek(_at_)ihtfp(_dot_)com (Derek Atkins) wrote:

Bill Frantz <frantz(_at_)pwpconsult(_dot_)com> writes:

I think in the IoT space, we will need to have signed software
updates. I don't think there is much of an issue taking several
seconds to verify an update signature, but these 8 bit processors seem
like the right level of hardware for these IoT devices.

Yes, signed software is definitely one use case.  However, often on
these systems it's more than just authenticating a software update;
sometimes it might actually want to check the signature on every bootup
(to prevent an attack on the flash/firmware)!

I hope we don't have to worry about attacks via physical access, so the only attacks available will be through the upgrade mechanism.

We also need to worry about authentication and replay prevention for the instructions delivered to these devices through the internet. One can imagine an architecture with a controller with the power of a Raspberry Pi giving orders to dumber devices using authenticated symmetric crypto as a solution. That system would prevent my favorite "neat hack" attack, turning your neighbor's living room into your own light organ.


I'll note that there are alternate algorithms that run much faster than
ECC (e.g. Algebraic Eraser can run in the tens of milliseconds instead of
the ones of seconds of ECC)!  However my real point is that we should
not ignore these platforms, and more specifically we should remember
that they might not have the power to run the same algorithms that work
fine on our x86-64 servers.

I think we are in violent agreement here.

Cheers - Bill

---------------------------------------------------------------------------
Bill Frantz        | If you want total security, go to prison. There you're
408-356-8506       | fed, clothed, given medical care and so on. The only
www.pwpconsult.com | thing lacking is freedom. - Dwight D. Eisenhower

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
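
The controller-to-device arrangement sketched in the message above (authenticated symmetric crypto with replay prevention), as an added example that is not part of the original post. The frame layout, the truncated 16-byte HMAC-SHA256 tag, the monotonic counter, and all names are assumptions of this sketch.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16  # truncated HMAC-SHA256 tag; length is an assumption of this sketch
HDR_LEN = 6   # device_id (2 bytes) + counter (4 bytes)

def make_command(key: bytes, device_id: int, counter: int, payload: bytes) -> bytes:
    """Controller side: frame = device_id | counter | payload | tag."""
    header = struct.pack(">HI", device_id, counter)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
    return header + payload + tag

class Device:
    """Device side: holds the shared key and the highest counter accepted so far."""

    def __init__(self, key: bytes, device_id: int):
        self.key, self.device_id, self.last_counter = key, device_id, 0

    def accept(self, frame: bytes):
        """Return the payload if the frame is authentic and fresh, else None."""
        if len(frame) < HDR_LEN + TAG_LEN:
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None                  # forged or corrupted frame
        device_id, counter = struct.unpack(">HI", body[:HDR_LEN])
        if device_id != self.device_id:
            return None                  # authentic, but addressed to another device
        if counter <= self.last_counter:
            return None                  # replayed or stale frame
        self.last_counter = counter      # a real device must persist this across reboots
        return body[HDR_LEN:]

def demo():
    key = bytes(range(32))               # constructed sample key
    lamp = Device(key, device_id=7)
    frame = make_command(key, 7, 1, b"LIGHT ON")
    first = lamp.accept(frame)           # fresh and authentic
    replay = lamp.accept(frame)          # same frame captured and resent
    forged = lamp.accept(make_command(b"\x00" * 32, 7, 2, b"LIGHT OFF"))
    nxt = lamp.accept(make_command(key, 7, 2, b"LIGHT OFF"))
    return first, replay, forged, nxt

if __name__ == "__main__":
    print(demo())
```

The counter is covered by the tag, so a captured frame cannot be resent with a bumped counter; the device ID is covered as well, so a frame for one device is rejected by another that shares the key.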