Re: [Cfrg] [TLS] 3DES diediedie

Joachim Strömbergson <joachim@secworks.se> Wed, 07 September 2016 08:25 UTC

Message-ID: <57CFCEF0.2000501@secworks.se>
Date: Wed, 07 Sep 2016 10:25:20 +0200
From: Joachim Strömbergson <joachim@secworks.se>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
References: <20160906114030.18292816.41703.89024@ll.mit.edu> <57CEAE6F.1040608@secworks.se> <sjmeg4wvjut.fsf@securerf.ihtfp.org> <57CFC6C6.5030006@secworks.se> <20160907080523.szbjqpenkaz23scx@LK-Perkele-V2.elisa-laajakaista.fi>
In-Reply-To: <20160907080523.szbjqpenkaz23scx@LK-Perkele-V2.elisa-laajakaista.fi>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/2dMi8KxLSaDLG4TTFIBVQkm4uC0>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] [TLS] 3DES diediedie

Aloha!

Ilari Liusvaara wrote:
> On Wed, Sep 07, 2016 at 09:50:30AM +0200, Joachim Strömbergson
> wrote:
>> Researching lightweight ciphers is cool and good. But I don't
>> expect to see many symmetric primitives gain any major deployment.
>> Where I think we have a clear need for IoT is lightweight
>> asymmetric primitives. Key exchange, signatures etc. Too many
>> devices use PSK simply because key exchange is too costly, takes
>> too long.
> 
> Unfortunately, the lightest weight asymmetric stuff currently known 
> that doesn't look to be broken to hell or at least look seriously 
> shaky is things like "Kummer" or "FourQ", which are like ~half of the
> cost of Curve25519...
> 
> And I don't expect this to change, in fact, to get even worse when 
> considering PQ stuff.
> 
> Yes, RLWE is lighter CPU-wise than either of those two above, but the
> extra communication costs from much larger keys will more than offset
> that.

I'm afraid that you are right. But as I said, this is one area where
good research results could have good traction in industry and be very
helpful.


>> Where I specifically see a big need is for a good standardized
>> firmware update mechanism. Today everybody either rolls their own
>> firmware mechanism or gets a (broken) one from their MCU vendor. I
>> think there was a new working group for this within the IETF.
>> Can't remember and can't find it. But I think that it is a very good
>> idea.
> 
> I took a look at the IETF WGs, and didn't see anything that would
> look relevant...

It was Stephen's workshop I was thinking of. I blame old age.

FW update is so broken. Vendor solutions where the security is 3DES in
ECB mode only (no auth at all), solutions where you can easily get
stuck in update mode or get stuck halfway through an update, etc.

-- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim@secworks.se
========================================================================
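The "3DES in ECB mode only (no auth at all)" firmware-update scheme mentioned in the mail above, shown as an added example; this is not code from the mail, the list, or any vendor. The Python standard library has no DES, so a small keyed Feistel permutation stands in for the 64-bit block cipher (an assumption of the example, not 3DES); the two attacks below depend only on ECB mode and would work unchanged with the real cipher. The firmware images, keys, field names and the "one key in every device" setup are all constructed. The last two functions show the narrowest fix for the missing authentication, an encrypt-then-MAC tag over the ciphertext.

```python
import hashlib
import hmac

BLOCK = 8  # 64-bit blocks, as in 3DES; every weakness below is a property of ECB, not of the cipher

# Constructed keys (assumption: the vendor ships one key in every device, so ciphertexts
# from one unit can be spliced into another unit's update)
ENC_KEY = b"vendor-wide-3des-key!!"
MAC_KEY = b"separate-mac-key-for-the-fix"


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    """Feistel round function: HMAC-SHA256 truncated to a 32-bit half block."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[: BLOCK // 2]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in 64-bit block cipher (4-round Feistel). Not 3DES and not for production
    use; it is only a keyed permutation so that ECB behaves as it would with the real cipher."""
    assert len(block) == BLOCK
    l, r = block[:4], block[4:]
    for rnd in range(4):
        l, r = r, bytes(a ^ b for a, b in zip(l, _f(key, rnd, r)))
    return l + r


def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:4], block[4:]
    for rnd in reversed(range(4)):
        l, r = bytes(a ^ b for a, b in zip(r, _f(key, rnd, l))), l
    return l + r


def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    """ECB: each block encrypted independently, no IV, no chaining, no tag."""
    assert len(data) % BLOCK == 0
    return b"".join(block_encrypt(key, data[i:i + BLOCK]) for i in range(0, len(data), BLOCK))


def ecb_decrypt(key: bytes, data: bytes) -> bytes:
    return b"".join(block_decrypt(key, data[i:i + BLOCK]) for i in range(0, len(data), BLOCK))


# Constructed firmware images: 8-byte "fields" so each lands in its own ECB block,
# followed by the 0xFF fill that flash images usually end with.
NEW_FW = (b"FWIMAGE1" + b"ver=2.00" + b"DBG=off;"              # blocks 0-2
          + b"code\x00\x01\x02\x03" + b"code\x04\x05\x06\x07"  # blocks 3-4
          + b"\xff" * BLOCK * 3)                               # blocks 5-7
OLD_FW = (b"FWIMAGE1" + b"ver=1.00" + b"DBG=on!;"              # older build, debug UART on
          + b"code\x00\x00\x00\x00" + b"code\x00\x00\x00\x01"
          + b"\xff" * BLOCK * 3)


def repeated_blocks(ct: bytes) -> list:
    """Groups of block indices whose ciphertext is identical. Under ECB that means
    identical plaintext, so the image layout (here the 0xFF tail) is visible without the key."""
    seen = {}
    for i in range(0, len(ct), BLOCK):
        seen.setdefault(ct[i:i + BLOCK], []).append(i // BLOCK)
    return [idx for idx in seen.values() if len(idx) > 1]


def splice_block(target: bytes, donor: bytes, index: int) -> bytes:
    """Cut-and-paste: overwrite block `index` of one ciphertext with the block at the
    same position from another ciphertext made under the same key. No key needed."""
    s = slice(index * BLOCK, (index + 1) * BLOCK)
    out = bytearray(target)
    out[s] = donor[s]
    return bytes(out)


def protect(enc_key: bytes, mac_key: bytes, image: bytes) -> bytes:
    """Narrowest fix for the 'no auth at all' part: encrypt-then-MAC over the whole
    ciphertext. ECB is kept only to keep the comparison small; see the note below."""
    ct = ecb_encrypt(enc_key, image)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()


def verify_and_decrypt(enc_key: bytes, mac_key: bytes, blob: bytes):
    """Returns the image, or None if the tag does not match (any spliced block)."""
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, ct, hashlib.sha256).digest()):
        return None
    return ecb_decrypt(enc_key, ct)


if __name__ == "__main__":
    ct_new, ct_old = ecb_encrypt(ENC_KEY, NEW_FW), ecb_encrypt(ENC_KEY, OLD_FW)
    print("repeated ciphertext blocks:", repeated_blocks(ct_new))
    forged = splice_block(ct_new, ct_old, 2)  # take the "DBG=on!;" block from the old image
    print("device decrypts forged image to:", ecb_decrypt(ENC_KEY, forged))
    blob = protect(ENC_KEY, MAC_KEY, NEW_FW)
    print("authenticated image, spliced:", verify_and_decrypt(ENC_KEY, MAC_KEY, splice_block(blob, ct_old, 2)))
```

The two properties shown are exactly what "ECB, no auth" buys an attacker who never learns the key: repeated plaintext blocks are visible in the ciphertext, and blocks from any other image encrypted under the same key can be swapped in (here re-enabling a debug setting; the same move downgrades a version field). The HMAC makes the device reject the spliced blob, but it is the minimum, not the target: a real update path should use an authenticated mode such as AES-GCM and verify a signature over the image so that the device holds no secret that lets it forge updates.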