[Cryptography] recommending ChaCha20 instead of RC4 (RC4 again)

Theodore Ts'o tytso at mit.edu
Fri Mar 14 10:10:51 EDT 2014


On Thu, Mar 13, 2014 at 11:46:48PM -0400, dan at geer.org wrote:
> 
>  * Embedded systems that have a remote management interface must
>  be certified by their maker to be designed such that when said
>  remote management interface is operated according to spec, the
>  maker shall be found negligent, per se, were the management interface
> 
>  * Embedded systems that have no remote management interface shall
>  be so designed as to die without fail no later than some fixed
>  time, which time is stated in advance.
> 
> This precludes, and I mean by statute, the possibility of an embedded
> system being at once blamelessly immortal, unupdatable, and vulnerable.

But who is responsible for doing the update?  And what if the entity
which is capable of providing security updates is out of business, and
the source code for the firmware is not available?

For certain high security applications, you might also want a third
choice, which is a local management interface which is guaranteed to
always be able to reset the firmware to the uploaded state (which
means that the firmware loader must not be modifiable).

This presumes that access to the local management port is available,
and that someone is on the hook to (a) provide security updates, and
(b) apply security updates, of course.  But these are issues that are
of concern for the first two choices as well.

   	       	   	     	     - Ted


More information about the cryptography mailing list