[Cryptography] PAKE for embedded device (<64K RAM)?
Andrew P. Lentvorski
bsder at allcaps.org
Mon Feb 27 02:21:31 EST 2017
I've been trying to secure some BLE (Bluetooth Low Energy)
communication, but seem to have hit into a wall in trying to avoid
active MITM attacks.
Is there a good PAKE anywhere for small devices? It seems like all the
PAKE protocols use very heavyweight primitives and don't like elliptic
curve stuff very much.
Maybe I'm just being obtuse and not searching on the right keywords, but
it seems like *everything* in this space is a bit flaky--either
theoretically or implementation-wise. It doesn't seem like there has
been much auditing going on in this space.
It seems like IEEE 802.15.6 was supposed to cover this, but it seems
like that got compromised:
http://arxiv.org/pdf/1501.02601.pdf
ProtonMail has a discussion about SRP here:
https://protonmail.com/blog/encrypted_email_authentication/
But it certainly makes me wary when I, as an implementer, seem to have
to make so many decisions about the underlying protocol(Hash function,
different moduli, embedded in certificate-TLS (then why use SRP?), prime
number choice, etc.). Since I am most definitively *NOT* a
cryptographer, I'm incredibly likely to screw something up. SRP isn't
exactly *small* either.
Normally, my first instinct is to go look at what DJB has to say and
then work outward from there, but I'm not seeing anything in this space.
Am I missing something? What's the current "best practice" in this space?
Any pointers would be appreciated.
Thanks,
-a
More information about the cryptography
mailing list