Hacker News: dlenski's comments

Yes.

(I'm the author.)

> hardware compatibility

I don't have any evidence that hardware compatibility plays any significant role at all in the persistence of insecurely-sized or badly-generated keys for public-key cryptography.

Do you have a reason to think otherwise?


Well, sort of. But I probably could have explained myself better, and maybe compatibility is not the right word, because this can be considered to go beyond compatibility.

Some remarks that I found interesting on the topic:

- While compatibility/reliability are 110% nice (compatibility being defined as "it works"), that doesn't mean full stability in generating entropy. "Components may be perfect; composition (they all together) can still be flawed", where the components are: Device Hardware, Device OS, and Device Software (KeyGen).

- "in low-margin devices there aren't high-quality entropy sources to rely on", so it's harder to know for sure that a key was well generated.

- a large-scale study of RSA keys enabled the detection of entropy failures that manifested in the RSA keys of millions of devices. Most affected product families were lower-margin devices past their end-of-support date.

https://www.acsac.org/2023/program/final/s111.html
https://www.acsac.org/2023/files/web/slides/chi-111-weakrsak...
https://samvartaka.github.io/cryptanalysis/2017/01/03/33c3-e...


Ah. You're referring to the issue of devices which don't have sufficient sources of entropy to generate high-quality random numbers, particularly at early boot, particularly on first boot, and particularly for headless network-connected devices (like home router/gateway boxes).

The 2012 Heninger paper (https://www.usenix.org/system/files/conference/usenixsecurit...) found quite a high number of duplicate TLS keys across seemingly-independent hosts, and attributed it to this issue:

Over the next few years there was quite a lot of work, including in the Linux kernel, on improving the entropy sources available to such devices, and making them more foolproof to use. https://lwn.net/Articles/724643/

The issues identified in this survey are related, but distinct. The Debian weak keys generated in 2006-8 are due to a straight-up bug in Debian, and RSA keys that are of a too-small size are orthogonal. I found far fewer "inexplicable duplicate" TLS keys than Heninger et al. did in 2012.


:))) thanks for the insight

A survey of ~20 million public keys (from TLS certificates, SSH server keys, Github and Gitlab users, and DNSKEYs).

An innovative technique compared to other commercial and open-source scanning software: downgrade TLS and SSH scanners to older protocol versions to find older keys alongside newer ones. (For example, a TLS server might offer an EC cert+key to TLS 1.2/1.3 clients, but an RSA key to clients that can only do TLS 1.0.)

Some notable findings:

- Debian weak keys (generated in 2006-2008) are still in use, including by highly active users on Github and Gitlab

- 512-bit and 1024-bit RSA keys are still in use, including their use as DNSKEYs for prominent companies and government agencies

- RSA keys generated by older versions of Putty and OpenSSH are easily distinguishable by their exponents; if a vulnerability in one of those implementations were discovered (similar to the recent https://cert.europa.eu/publications/security-advisories/2024...), it would be easy to find a very large number of vulnerable keys to target.

Good news:

- Unlike earlier research from 2012-2016, none of the RSA keys could be easily factored into large primes. (Other than Debian weak keys.)

- Certificate Transparency appears to be doing a good job of motivating reputable CAs to scrutinize the cryptographic material in the certificates they sign. No cryptographic weaknesses were identified in any of the keys in millions of recent CT-logged certificates.
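As an added illustration of the kind of checks the survey summary above describes (key size and public exponent of RSA keys, plus the "inexplicable duplicate" keys across hosts from the Heninger discussion earlier in the thread), here is a small Python audit helper. It is example code written for this page, not dlenski's survey tooling. It parses OpenSSH-style `ssh-rsa` public key lines (RFC 4251/4253 string and mpint encoding), reports modulus size and exponent, and groups keys by modulus to spot the same key appearing on unrelated hosts. The sample keys are constructed: their moduli are arbitrary odd numbers of the stated bit length, not real RSA keys; the hostnames, the `MIN_RSA_BITS` threshold, and the `DEFAULT_EXPONENT` comparison (65537, OpenSSH's default) are assumptions of this example.

```python
import base64
import struct
from collections import defaultdict

# Policy threshold assumed for this example; the survey above reports
# 512- and 1024-bit RSA keys still in service.
MIN_RSA_BITS = 2048
# OpenSSH's default public exponent; other values fingerprint the generator.
DEFAULT_EXPONENT = 65537


def _ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def _ssh_mpint(value: int) -> bytes:
    """RFC 4251 'mpint': big-endian two's complement, leading 0x00 if MSB set."""
    if value == 0:
        return struct.pack(">I", 0)
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:
        raw = b"\x00" + raw
    return _ssh_string(raw)


def encode_ssh_rsa(e: int, n: int, comment: str = "") -> str:
    """Build an authorized_keys-style 'ssh-rsa <base64> [comment]' line."""
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)
    line = "ssh-rsa " + base64.b64encode(blob).decode("ascii")
    return f"{line} {comment}" if comment else line


def _read_string(blob: bytes, offset: int):
    (length,) = struct.unpack_from(">I", blob, offset)
    offset += 4
    if offset + length > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset:offset + length], offset + length


def parse_ssh_rsa(line: str):
    """Return (e, n) from an ssh-rsa public key line; reject malformed input."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(parts[1], validate=True)
    keytype, off = _read_string(blob, 0)
    if keytype != b"ssh-rsa":
        raise ValueError("key type inside blob does not match")
    e_bytes, off = _read_string(blob, off)
    n_bytes, off = _read_string(blob, off)
    if off != len(blob):
        raise ValueError("trailing bytes after modulus")
    return int.from_bytes(e_bytes, "big"), int.from_bytes(n_bytes, "big")


def audit_ssh_rsa(line: str) -> dict:
    """Report modulus size, exponent and policy findings for one key line."""
    e, n = parse_ssh_rsa(line)
    findings = []
    if n.bit_length() < MIN_RSA_BITS:
        findings.append(f"modulus is {n.bit_length()} bits (< {MIN_RSA_BITS})")
    if n % 2 == 0:
        findings.append("modulus is even (not a product of two odd primes)")
    if e < 3 or e % 2 == 0:
        findings.append(f"invalid public exponent e={e}")
    elif e != DEFAULT_EXPONENT:
        findings.append(f"non-default public exponent e={e}")
    return {"bits": n.bit_length(), "e": e, "findings": findings}


def find_duplicate_moduli(host_key_pairs):
    """Group (host, key_line) pairs by modulus; return {n: [hosts]} for shared n.

    One modulus showing up on unrelated hosts is the duplicate-key signal
    from the entropy discussion above (low-entropy key generation, or a
    vendor shipping one key on every device)."""
    by_modulus = defaultdict(list)
    for host, line in host_key_pairs:
        _, n = parse_ssh_rsa(line)
        by_modulus[n].append(host)
    return {n: hosts for n, hosts in by_modulus.items() if len(hosts) > 1}


# Constructed sample data: arbitrary odd moduli of the stated size, NOT real
# RSA keys; hostnames are placeholders. e=17 is a constructed non-default value.
WEAK_1024 = encode_ssh_rsa(65537, (1 << 1023) + 12345, "weak@example")
STRONG_3072 = encode_ssh_rsa(65537, (1 << 3071) + 6789, "ok@example")
ODD_EXPONENT = encode_ssh_rsa(17, (1 << 2047) + 99, "oddexp@example")
SAMPLE_HOSTS = [
    ("router-a.example", WEAK_1024),
    ("router-b.example", WEAK_1024),  # same key seen on a second host
    ("server.example", STRONG_3072),
]

if __name__ == "__main__":
    for key_line in (WEAK_1024, STRONG_3072, ODD_EXPONENT):
        print(audit_ssh_rsa(key_line))
    for modulus, hosts in find_duplicate_moduli(SAMPLE_HOSTS).items():
        print(f"{modulus.bit_length()}-bit modulus shared by {hosts}")
```

Feeding it real `ssh-keyscan` output would mean pairing each host with its `ssh-rsa` line; the exponent check only flags a key as non-default, since a distinguishable exponent is a fingerprint of the generator rather than a weakness by itself, which is the point the survey makes.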



Thanks for the heads-up. I didn't realize this is discouraged.

I am not ChatGPT though… I am the author of the survey in question.

And did not use any LLMs in any way at all in performing or documenting it.


First they ignore you, then they laugh at you, then all of a sudden when your rival starts cozying up to the incoming Trump administration — boom.

I guess we delved too deep. Or something.


Includes the ability to "magically upgrade" low-end Mysa V2 Lite thermostats into more full-featured devices. https://github.com/dlenski/mysotherm?tab=readme-ov-file#magi...


As I understand it, Wealthsimple was founded independently but then quickly bought by Power Corporation.

It is indeed quite interesting that its innovation and competitive pricing (https://news.ycombinator.com/item?id=42838063) in the last couple years has happened under old, established Power Corp.

Any educating theories about why this is happening now?


Glad you're not the only one to point out Canada's comparatively stodgy financial industry. https://news.ycombinator.com/item?id=42838063

The account management interfaces of Canadian banks are pretty universally terrible. Even the neo-banks like Tangerine.


Tangerine still insists on making login credentials your account number and a 4-digit PIN. There used to be a second system where they'd show you a secret combination of images after login and you'd provide an answer to one of four security questions, which kinda made things better as I just provided passwords as the answer to the questions, but now they've replaced that with, drumroll, SMS 2FA.

Security is a clown show at Tangerine, I no longer use it and can't suggest other folks do.


Indeed. Their 2FA manages to hit the sweet spot of being incredibly laggy, never remembering me, and maximally insecure.

> I no longer use it and can't suggest other folks do.

Same. I was lured in by their interest rate bonuses a couple years ago, but they're no longer offering anything that isn't beat by WealthSimple and others.


From my vantage point, with accounts in both Canada and the US, the US market seems hard to disrupt because its financial sector is already highly competitive.

Meanwhile Canada has long been completely dominated by 5 or 6 massive big banks that charge high fees for basic chequing accounts, and where credit card perks are far stingier than in the US…

The financial industry is being _pretty massively disrupted_ by Wealthsimple.

- They have a cash account (~checking/savings hybrid) that pays much better interest than all the big banks

- They offer zero-commission trades on Canadian and US stocks and ETFs

- They appear to be preparing a wide rollout of a credit card which offers 2% cash-back on everything (there are few Canadian credit cards that offer more than 1% cashback as a "base rate")


Almost the entirety of the enthusiasm for this post is based on people running crippled OSes (iOS, mainly) which won't let you tunnel 100% of traffic over a VPN.


> A 4G/5G router creates a "real" WiFi network rather than a personal network.

A properly functioning phone hotspot is a "real" WiFi network. The ones created by Android devices, at least, are running `hostapd`, which every Linux-based home router is running behind the scenes.

> devices are reluctant to connect to a personal hotspot automatically (Apple devices, at least).

Solution: don't use Apple devices.

