[Cryptography] PAKE for embedded device (<64K RAM)?
Allen
allenpmd at gmail.com
Mon Feb 27 15:05:46 EST 2017
> How does an app get a preshared secret key from a BLE device without the user entering it?
I could probably think of at least 20 ways if I spent 10 minutes
thinking about this. The device could come with printed QR code that
contained the secret key; the device could have a label with a short
password that when entered into the app causes the device to transmit
the preshared key to the app (and of course, if the wrong password is
entered 10 times, the device goes offline for an hour, etc.); the QR
code or short password could instead lookup the secret key from an
https internet database or there is no possibility of someone stealing
the key from the radio transmission; the user has to register the
device and the website gives them the preshared key during
registration, etc... I'm sure there are many more ways to do this--it
depends on the requirements of your app...
More information about the cryptography
mailing list