
(I'm the author.)

> hardware compatibility

I don't have any evidence that hardware compatibility plays any significant role at all in the persistence of insecurely-sized or badly-generated keys for public-key cryptography.

Do you have a reason to think otherwise?

Well, sort of. But I probably could have explained myself better, and maybe compatibility is not the right word, because this can be considered to go beyond compatibility.

Some remarks that I found interesting on the topic:

- While compatibility/reliability are 110% nice (compatibility being defined as "it works"), that doesn't mean full stability in generating entropy. "Components may be perfect; composition (they all together) can still be flawed", where the components are: Device Hardware, Device OS, and Device Software (KeyGen).

- "in low-margin devices there aren't high-quality entropy sources to rely on", so it's harder to know for sure that a key was well generated.

- a large-scale study of RSA keys enabled the detection of entropy failures that manifested in the RSA keys of millions of devices. The most affected product families were lower-margin devices past their end-of-support date.

https://www.acsac.org/2023/program/final/s111.html
https://www.acsac.org/2023/files/web/slides/chi-111-weakrsak...
https://samvartaka.github.io/cryptanalysis/2017/01/03/33c3-e...


Ah. You're referring to the issue of devices which don't have sufficient sources of entropy to generate high-quality random numbers, particularly at early boot, particularly on first boot, and particularly for headless network-connected devices (like home router/gateway boxes).

The 2012 Heninger paper (https://www.usenix.org/system/files/conference/usenixsecurit...) found quite a high number of duplicate TLS keys across seemingly-independent hosts, and attributed it to this issue:

Over the next few years there was quite a lot of work, including in the Linux kernel, on improving the entropy sources available to such devices, and making them more foolproof to use. https://lwn.net/Articles/724643/

The issues identified in this survey are related, but distinct. The Debian weak keys generated in 2006-8 are due to a straight-up bug in Debian, and RSA keys that are of a too-small size are orthogonal. I found far fewer "inexplicable duplicate" TLS keys than Heninger et al did in 2012.
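The failure mode described in the reply above (a PRNG seeded from a nearly empty pool at first boot, so independent devices emit identical keys, or keys sharing one prime when entropy arrives mid-keygen) can be modelled and detected in a few dozen lines. The block below is an added example, not code from the thread's author or from the survey; it uses toy 32-bit primes (nothing like real RSA sizes), a constructed fleet of simulated devices, and hypothetical helper names (`device_keygen`, `simulate_fleet`, `find_shared_factors`) chosen for illustration. The mid-keygen reseed mirrors the mechanism the Heninger et al. paper gives for shared-factor keys; the pool-size and reseed probabilities are invented parameters.

```python
"""Toy model of first-boot entropy failure in RSA key generation (constructed example)."""
import random
from itertools import combinations
from math import gcd
from typing import Dict, List, Optional, Tuple

# Fixed Miller-Rabin bases: deterministic and correct for all n < 3.3e24,
# far beyond the 32-bit toy primes used here.
_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int) -> bool:
    if n < 2:
        return False
    for b in _MR_BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(rng: random.Random, bits: int) -> int:
    """Draw odd candidates with the top bit set from rng until one is prime."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def device_keygen(boot_seed: int, late_entropy: Optional[int] = None,
                  prime_bits: int = 32) -> Tuple[int, int, int]:
    """One headless device generating its key at first boot (hypothetical model).

    boot_seed    -- the only state the PRNG has at keygen time; with a nearly
                    empty pool it takes very few distinct values across a fleet.
    late_entropy -- if given, fresh entropy mixed in *between* p and q (e.g. the
                    first network interrupt), so q diverges while p is shared.
    Returns (modulus, p, q).
    """
    rng = random.Random(boot_seed)
    p = gen_prime(rng, prime_bits)
    if late_entropy is not None:
        rng.seed((boot_seed << 64) ^ late_entropy)
    q = gen_prime(rng, prime_bits)
    while q == p:
        q = gen_prime(rng, prime_bits)
    return p * q, p, q


def simulate_fleet(n_devices: int, boot_entropy_bits: int, p_late: float,
                   sim_seed: int = 1) -> List[int]:
    """Constructed fleet: each device's pool holds only boot_entropy_bits of entropy,
    and with probability p_late some entropy arrives mid-keygen. The simulation's
    own RNG (sim) is separate from the devices' RNGs."""
    sim = random.Random(sim_seed)
    moduli = []
    for _ in range(n_devices):
        boot_seed = sim.getrandbits(boot_entropy_bits)
        late = sim.getrandbits(64) if sim.random() < p_late else None
        moduli.append(device_keygen(boot_seed, late)[0])
    return moduli


def find_duplicates(moduli: List[int]) -> Dict[int, int]:
    """Identical moduli across supposedly independent hosts -> {modulus: count}."""
    counts: Dict[int, int] = {}
    for n in moduli:
        counts[n] = counts.get(n, 0) + 1
    return {n: c for n, c in counts.items() if c > 1}


def find_shared_factors(moduli: List[int]) -> List[Tuple[int, int, int]]:
    """Pairwise GCD: any non-trivial common factor factors both moduli outright.
    Duplicates (gcd == modulus) are reported by find_duplicates, not here."""
    hits = []
    for (i, a), (j, b) in combinations(enumerate(moduli), 2):
        g = gcd(a, b)
        if 1 < g < a and g < b:
            hits.append((i, j, g))
    return hits


if __name__ == "__main__":
    weak = simulate_fleet(60, boot_entropy_bits=4, p_late=0.3)
    good = simulate_fleet(60, boot_entropy_bits=64, p_late=0.3)
    print("4-bit pool:  duplicates =", len(find_duplicates(weak)),
          "shared-factor pairs =", len(find_shared_factors(weak)))
    print("64-bit pool: duplicates =", len(find_duplicates(good)),
          "shared-factor pairs =", len(find_shared_factors(good)))
```

Pairwise GCD is quadratic in the number of keys, which is fine for a lab fleet but not for millions of scanned certificates; the 2012 work used a batch-GCD product/remainder tree to get the same result in quasi-linear time. The point the toy makes is that the factoring is free once keys share a prime: no weakness in RSA itself is needed, only a starved entropy pool on the device at the moment the key was made.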


:))) thanks for the insight
