Recent content by Janne Oksanen

  • Be sure to checkout “Tips & Tricks”
    Dear Guest Visitor → Once you register and log-in:

    This forum does not automatically send notices of new content. So if, for example, you would like to be notified by mail when Steve posts an update to his blog (or of any other specific activity anywhere else), you need to tell the system what to “Watch” for you. Please checkout the “Tips & Tricks” page for details about that... and other tips!

    /Steve.
  • Larger Font Styles
    Guest:

    Just a quick heads-up that I've implemented larger font variants of our forum's light and dark page styles. You can select the style of your choice by scrolling to the footer of any page here. This might be more comfortable (it is for me) for those with high-resolution displays where the standard fonts, while permitting a lot of text to fit on the screen, might be uncomfortably small.

    (You can permanently dismiss this notification with the “X” at the upper right.)

    /Steve.
  1. J

    Elliptic curve crypto on a micro controller

    I wouldn't go quite that far. But it can protect against malicious firmware updates. The need for asymmetric crypto was never in question here. It's been assumed from the very beginning. :) I don't think that TLS and DNS need to be involved here. The public key can be in the firmware and then...
  2. J

    Elliptic curve crypto on a micro controller

    Let's say firmware updates need to be signed. That should take care of that problem. Anything else you can think of?
  3. J

    GAMES Simulation, Logic, Puzzle, Exploration, Story Games to RELAX By

    How would you review it? I started on it but then got busy with other stuff so I'm only about half an hour into it.
  4. J

    Elliptic curve crypto on a micro controller

    This is something I had not thought of so let's walk through this attack model and see what happens. Attacker has access to the public key of the new end device Attacker constructs a fake man-in-the-middle device to look like the network controller to the end device and the end device to the...
  5. J

    Elliptic curve crypto on a micro controller

    Here's how I've figured it would work: You have a network controller that has some kind of UI where you can enter a pairing key (public key) of the device you want to add to the network. You buy a new device. The device has a key printed on the device. The device has a corresponding private key...
  6. J

    Elliptic curve crypto on a micro controller

    In this application it does not matter whether the pairing takes 1 second or 10 seconds. What does matter is that the decision I make now is future proof for at least 15 years from now. So I don't see any reason to cut corners with security if there are no hard constraints force me to do so. I...
  7. J

    Elliptic curve crypto on a micro controller

    Let's think about this. How would this work? Would all the devices have the same symmetric key? In that case you have a secret to keep and if that secret ever gets out (by disclosure or reverse engineering) all of your devices are compromised. Or would the network controller need to be updated...
  8. J

    Elliptic curve crypto on a micro controller

    Because only the actual device will have the private key needed to decode the messages sent by the network controller. The private key is not written on the box like the symmetric key would be.
  9. J

    Elliptic curve crypto on a micro controller

    How do you know that the key on those IoT devices is symmetric? I mean from the user's standpoint the procedure looks exactly the same unless there's some extra step to actually verify that you're connecting to the right device (blinking LEDs, pressing a button or something). With asymmetric...
  10. J

    LastPass changes will make free tier less useful

    This was the final push I needed to move away from LastPass. I've been a user for over 10 years and a paid user for the majority of that time. But last time my subscription ran out they didn't notify me. I only found out a couple months later after I started wondering why I'm no longer getting...
  11. J

    Elliptic curve crypto on a micro controller

    Right, this is what I was thinking. I was a little confused there. We don't need a Diffie-Hellman exchange because the network controller already has the public key of the new device and can just send the symmetric network key in encrypted form. And only the correct device will be able to...
  12. J

    GAMES Simulation, Logic, Puzzle, Exploration, Story Games to RELAX By

    Thimbleweed Park is currently on sale on Steam. I assume there must be a some old timers here who enjoyed the Sierra and Lucas Arts adventure games in the 80s and 90s.
  13. J

    Elliptic curve crypto on a micro controller

    I've been listening to Security Now long enough to know that with crypto you should always reach out to more knowledgeable people to make sure you're doing it right. I need to implement a secure pairing of IoT devices. To do that I'm thinking I will need to use asymmetric crypto with the public...