LittleBlackBox -- Default SSL Keys for Embedded devices

From: Dave Brockman 
------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

https://code.google.com/p/littleblackbox/

Regards,

dtb
- -- 
"Some things in life can never be fully appreciated nor
understood unless experienced firsthand. Some things in
networking can never be fully understood by someone who neither
builds commercial networking equipment nor runs an operational
network."  RFC 1925
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlB9/zEACgkQABP1RO+tr2RmUwCeObk00Zzb5GnUeBLfXzG8HvcZ
I+MAoLCj8s4Pt7i0dfp+6xxMujEcHrwV
=4AAO
-----END PGP SIGNATURE-----

=============================================================== From: David Ingram ------------------------------------------------------ Did this make anyone else watch Sneakers last night? Too many secrets....

=============================================================== From: Dan Lyke ------------------------------------------------------ On Tue, 16 Oct 2012 20:43:29 -0400 Dave Brockman wrote: On one embedded project I worked on, we had a hell of a time figuring out how to get entropy into local keys. Trying to get enough digits of randomness to be meaningful out of a few user keypresses ('cause everything else was pretty deterministic) was one hell of a challenge. Dan

=============================================================== From: "Alex Smith (K4RNT)" ------------------------------------------------------ That is one of my top favorite movies - there are some scenes that you fall off your chair laughing! :) On Wed, Oct 17, 2012 at 7:42 AM, David Ingram wrote:

=============================================================== From: Dave Brockman ------------------------------------------------------ Did it have network access, Setting up a network entropy daemon is on my todo..... Please excuse brevity and grammar, sent from my mobile device.

=============================================================== From: Dan Lyke ------------------------------------------------------ Not necessarily, this was mostly for DRM and uniquifying machines. Network access could make it a bit easier (for one thing: grab time when the device is first turned on, then hit something like an entropy server, build your key from that), susceptible to MitM attacks when it's first turned on, but should be okay for most consumer devices. Dan

=============================================================== From: Dave Brockman ------------------------------------------------------ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I was thinking in terms of configuring the default key (at the factory) per-say, and I would assume *that* network would be secured. No, EGD is not a solution for a box out in the field generating its key on the fly, at least I haven't been able to come up with scenario that it would fit.... Regards, dtb - -- "Some things in life can never be fully appreciated nor understood unless experienced firsthand. Some things in networking can never be fully understood by someone who neither builds commercial networking equipment nor runs an operational network." RFC 1925 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlB/BGwACgkQABP1RO+tr2R4PgCgj03oQ5e6sZk8CYF4/Qi1sTBh QKwAoJYHf4pnBIG6dTgA5DhU+aNywaBx =ovNW -----END PGP SIGNATURE-----

=============================================================== From: Dan Lyke ------------------------------------------------------ Scenario: you could insist on a private key that was the first external site that the network accessed, and have the device insist that the first thing it got was some entropy with which to generate its own new key pair. You couldn't MitM that, but unless you get entropy from another source (ping latency? Something else? It would have to be unmeasurable by a sniffing device) to generate the new key pair, you can sniff that connection and predict what the new key would be based on the sniffed data. You really want that entropy to come from multiple sources so that someone trying to compromise the device needs to compromise multiple vectors. One possibility we were talking about was a source of randomness as the final test phase in manufacture, but making sure that that was truly random was tough. For instance, if you design a device to sell a few thousand and it turns into a few hundred thousand device, then maybe someone will decide to put a robot on the "turn on the device and punch a few buttons to start the initialization and self-test sequence", and all of a sudden your entropy gets very constrained. Dan

=============================================================== From: Erik Hanson ------------------------------------------------------ You could always try clock jitter, as per dakarand. http://dankaminsky.com/2012/08/15/dakarand/ Kaminsky talked about it during his derbycon keynote. http://www.irongeek.com/i.php?page=videos/derbycon2/1-1-3-dan-kaminsky-black-ops