[Cryptography] Long-term security (was Re: ratcheting DH strengths over time)
Bill Frantz
frantz at pwpconsult.com
Mon Nov 16 17:29:45 EST 2015

On 11/16/15 at 12:51 PM, perry at piermont.com (Perry E. Metzger) wrote:
>(To give another common example, the world's home "routers" are an
>astonishingly large pool of highly insecure systems.)

I think these may be the best example we have of wide-spread
imbedded systems that are still in use well after their "use by" date.
Many of them could be updated with security fixes, but their
manufacturers have stopped supporting them. But people still use
the old ones because they continue to work, and replacing them
costs money, time to configure the replacement, and worst yet,
an unpleasant time learning enough about Internet protocols and
the ISP logon procedure to perform the configuration.

These devices are also a counterargument to the idea that
Internet connected devices will have to be upgraded because the
underlying protocols will change. Internet protocol designers
spend a lot of effort making sure new protocols are backward
compatible. The basic protocols used by home routers haven't
changed for many years, so the old ones work fine.

One bright spot is the major browser vendors flexing a bit of
muscle and turning off old, insecure protocols and algorithms.
It may be that the home router continues to run, but can no
longer be administrated because there are no browsers in the
house that are willing to speak the old protocol. Of course
users go to configure their routers only when they no longer run
so will they even notice?

Another ray of light is in smoke alarms. The new ones come with
a battery designed to last the life of the device. When the
battery runs down, replace the whole box. (This will also
replace the nuclear material used to detect smoke, which is why
regular replacement is recommended.) If people actually replace
their smoke alarms, they may be willing to replace other devices
just because time has passed.

I certainly don't have a good answer in general. For internet
connected devices, ISPs could send a health report to encourage replacement.

Cheers - Bill
-------------------------------------------------------------------------
Bill Frantz        | Re: Hardware Management Modes: | Periwinkle
(408)356-8506      | If there's a mode, there's a   | 16345 Englewood Ave
www.pwpconsult.com | failure mode. - Jerry Leichter | Los Gatos, CA 95032