[Cryptography] embedding security (was ChaCha)

dan at geer.org dan at geer.org
Fri Mar 14 14:18:40 EDT 2014

All -- Sure, there are imperfections and edge conditions around the
requirements I was suggesting (management-interface XOR finite-lifetime)
for embedded devices.  As always, it is tempting to let the best
be the enemy of the good, with which I am sympathetic in emotion
but try always to discipline myself out of such temptations.  In
any case, the triad of {immortal, un-updateable, and vulnerable}
and its cross-product with Really Big Numbers of embedded systems
seems so real and so prevalent that a cold bath is surely preferable
to waiting for a sufficient disaster to make way for easy change.
(Yes, I know, Washington wisdom says to never let a good crisis go
to waste, meaning that absent a crisis the status quo ante is the
rule of the day.  All hail Rahm Emanuel, so to speak.)

In the meantime, this is an interesting paper...

Perimeter-Crossing Buses: a New Attack Surface for Embedded Systems


More information about the cryptography mailing list