[Chugalug] LittleBlackBox -- Default SSL Keys for Embedded devices

Dave Brockman dave at brockmans.com
Wed Oct 17 19:18:05 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/17/2012 1:38 PM, Dan Lyke wrote:
> On Wed, Oct 17, 2012 at 9:58 AM, Dave Brockman <dave at brockmans.com>
> wrote:
>> Did it have network access,  Setting up a network entropy daemon
>> is on my todo.....
> 
> Not necessarily, this was mostly for DRM and uniquifying machines. 
> Network access could make it a bit easier (for one thing: grab
> time when the device is first turned on, then hit something like an
> entropy server, build your key from that), susceptible to MitM
> attacks when it's first turned on, but should be okay for most
> consumer devices.
> 

I was thinking in terms of configuring the default key (at the
factory) per-say, and I would assume *that* network would be secured.
 No, EGD is not a solution for a box out in the field generating its
key on the fly, at least I haven't been able to come up with scenario
that it would fit....

Regards,

dtb


- -- 
"Some things in life can never be fully appreciated nor
understood unless experienced firsthand. Some things in
networking can never be fully understood by someone who neither
builds commercial networking equipment nor runs an operational
network."  RFC 1925
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlB/BGwACgkQABP1RO+tr2R4PgCgj03oQ5e6sZk8CYF4/Qi1sTBh
QKwAoJYHf4pnBIG6dTgA5DhU+aNywaBx
=ovNW
-----END PGP SIGNATURE-----


More information about the Chugalug mailing list