On Nov 16, 2009, at 12:30 PM, Jeremy Stanley wrote:
> If one organization distributes the dongles, they could accept
> only updates signed by that organization. We have pretty good
> methods for keeping private keys secret at the enterprise level,
> so the risks should be manageable.
> But even then, poor planning for things like key size (a la the
> recent Texas Instruments signing key brute-forcing) is going to be
> an issue.
I'm not sure that's the right lesson to learn.
A system has to be designed to work with available technology. The
TI83 dates back to 1996, and used technology that was old even at the
time: The CPU is a 6MHz Z80. A 512-bit RSA was probably near the
outer limits of what one could expect to use in practice on such a
machine, and at the time, that was quite secure.
Nothing lasts forever, though, and an effective 13 year lifetime for
cryptography in such a low-end product is pretty good. (The
*official* lifetime of DES was about 28 years, though it was seriously
compromised well before it was officially withdrawn in 2005.)
-- Jerry