Hilarie Orman <hila...@purplestreak.com> writes: >> From: Derek Atkins <de...@ihtfp.com> >> Date: Wed, 31 Aug 2016 10:17:25 -0400 > >> "Steven M. Bellovin" <s...@cs.columbia.edu> writes: > >> > Yes. To a large extent, the "IoT devices are too puny for real >> > crypto" is a hangover from several years ago. It was once true; for >> > the most part, it isn't today, but people haven't flushed their cache >> > from the old received wisdom. > >> This is certainly true for AES, mostly because many small chips are >> including AES accelerators in hardware. It's not quite true for public >> key solutions; there are still very small devices where even ECC takes >> too long (and yes, there are cases where 200-400ms is still too long). > >> > It pays to look again at David Wagner's slides from 2005, on sensor >> > nets and crypto: >> > https://people.eecs.berkeley.edu/~daw/talks/sens-oak05.pdf >> > > > Unattended sensors with wifi present an unsolved crypto problem. They > can last 10 years on an AA battery without crypto, probably well less > than a year if they have to do any kind of encryption. These things > will be everywhere, providing the data that will underly all kinds of > decision-making.
Assuming there are *some* integrity requirements for the data, and that they are deploying 32-bit ARM with AES support (stipulating that ~every CPU will have AES support in a few years, as ~every CPU sold does today), we're talking about *either* an ECDHE negotiation every few months or a pre-shared key, good for ten years. AES-GCM with hardware support compares favorably to SHA-2 without hardware support, so if they've been able to last 10 years before, they should do just fine in the future. The old devices won't last forever, and probably can't run TLS 1.3---that's fine, TLS 1.2 will be with us for ten years after 1.3 is out. -Brian > Although much of the solution may lie in hardware innovation, the > world really does need minimal crypto algorithms. > > Hilarie > > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
