"Kevin W. Wall" <kevin.w.w...@gmail.com> writes:

>OTOH, I suppose one could argue that this is better than your normal wireless
>keyboard which is just communicating over an unencrypted channel.

That's the thing, you have to consider the threat model: If anyone's really that desperately interested in watching your tweets about what your cat's doing as you type them then there are far easier attack channels than going through the crypto.

>If they use random IVs and appropriate cipher mode or couple the ciphertext
>with an HMAC to ensure message authenticity, I think they should be OK.

It's a consumer-grade keyboard, not military-crypto hardware; chances are it'll use something like AES in CTR mode with an all-zero IV on startup, so all you need to do is force a disassociate, it'll reuse the keystream, and you can recover everything with an XOR.

(I looooove the counter mode crypto fashion statement; it's the RC4 debacle all over again. Now that we've finally got rid of RC4 after 20-odd years we're reintroducing the same problem using AES).

Peter.

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
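The zero-IV keystream-reuse failure Peter describes, as an added example using the Go standard library (not code from this thread or from any keyboard vendor): restarting AES-CTR from the same IV makes the keystream cancel out of a ciphertext pair, while a fresh random IV per (re)association does not. The key, plaintexts and function names are constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// ctrEncrypt runs AES-CTR with a 16-byte IV: same key and same IV give the same keystream.
func ctrEncrypt(key, iv, plaintext []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(plaintext))
	cipher.NewCTR(block, iv).XORKeyStream(out, plaintext)
	return out
}

// KeystreamCancels reports whether c1 XOR c2 == p1 XOR p2 for two sessions (same-length
// plaintexts) started with iv1 and iv2. True means the keystream dropped out and the
// ciphertext pair leaks the XOR of the plaintexts, the two-time-pad failure Peter describes.
func KeystreamCancels(key, iv1, iv2, p1, p2 []byte) bool {
	c1, c2 := ctrEncrypt(key, iv1, p1), ctrEncrypt(key, iv2, p2)
	for i := range p1 {
		if c1[i]^c2[i] != p1[i]^p2[i] {
			return false
		}
	}
	return true
}

// FreshIV is the fix for "all-zero IV on startup": each (re)association draws a random
// 16-byte IV and sends it with the ciphertext, so a forced disassociate gets a new keystream.
func FreshIV() []byte {
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		panic(err)
	}
	return iv
}

func main() {
	key := []byte("0123456789abcdef") // constructed demo key, not a real device key
	zero := make([]byte, aes.BlockSize)
	p1, p2 := []byte("the cat is asleep"), []byte("the cat woke up!!")
	fmt.Println("zero IV on both sessions leaks:", KeystreamCancels(key, zero, zero, p1, p2)) // true
	fmt.Println("fresh IV per session leaks:", KeystreamCancels(key, FreshIV(), FreshIV(), p1, p2)) // false
}
```

With fresh IVs the first counter blocks differ, and since AES is a permutation the first 16 keystream bytes are guaranteed to differ, so the check is deterministic rather than merely probable.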