And, if developers go looking for alternate sources of entropy, what shall we bet that bad sources of entropy will eventually get incorporated and oh boy.
Internet of crap (encryption): IoT gear generates easy-to-crack keys
A preponderance of weak keys is leaving IoT devices at risk of being hacked, and the problem won't be an easy one to solve. This was the conclusion reached by the team at security house Keyfactor, which analyzed a collection of 75 million RSA certificates gathered from the open internet and determined that number combinations …
COMMENTS
Tuesday 17th December 2019 11:24 GMT phuzz
Re: this matters more than people think
"you would think with all that interaction with nature the opportunities to seed would be endless"
But they'll try something like "I know, let's just record some noise from the antenna, RF noise is bound to be random!", but once the device is in the outside world, it then turns out that recording direct from the antenna actually produces an easily reproducible sequence because it was just picking up the harmonics from someone's microwave oven (for example).
Making actually random numbers is hard, you're better off just using 4. It's definitely random because I rolled a dice, and now you can use it too.
Monday 16th December 2019 17:06 GMT Brian Miller
Re: The embedded gear is often based on very low-power hardware
Besides libraries, some chips with a "High-quality Random Number Generator" fail 50% of the DieHarder test suite.
Another problem is that the certificates in question could be generated at the factory, right when the device is turned on, with no entropy available because it's on an isolated network with the test machine. Sure, with a tiny bit of work they could get around this, but they just don't do it.
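Added example, not part of any comment in this thread: a continuous health check of the kind a device can run on its raw noise samples before seeding a key generator, using the repetition count and adaptive proportion tests from NIST SP 800-90B. It catches a stuck source and one dominated by a single value (such as a strong periodic pickup on an antenna), not every reproducible pattern; the claimed 4 bits of min-entropy per 8-bit sample, the function names and the sample streams are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#define ALPHA_LOG2 20    /* false-positive rate alpha = 2^-20 per test */
#define APT_WINDOW 512u  /* samples per adaptive proportion window */

/* Repetition count cutoff 1 + ceil(20 / h); h = claimed min-entropy bits per sample (>= 1). */
unsigned rct_cutoff(unsigned h) { return 1 + (ALPHA_LOG2 + h - 1) / h; }
/* Adaptive proportion cutoff: 1 + smallest k with P(X <= k) >= 1 - alpha,
 * X ~ Binomial(APT_WINDOW, 2^-h). Summed term by term, so no libm is needed. */
unsigned apt_cutoff(unsigned h) {
    double p = 1.0 / (double)(1u << h), q = 1.0 - p, pmf = 1.0, cdf;
    double alpha = 1.0 / (double)(1u << ALPHA_LOG2);
    unsigned k = 0;
    for (unsigned i = 0; i < APT_WINDOW; i++) pmf *= q;   /* P(X = 0) = q^W */
    for (cdf = pmf; cdf < 1.0 - alpha && k < APT_WINDOW; k++) {
        pmf *= (double)(APT_WINDOW - k) / (double)(k + 1) * p / q;
        cdf += pmf;
    }
    return k + 1;
}

/* 0 = both tests pass, 1 = repetition count failure, 2 = adaptive proportion failure. */
int health_test(const uint8_t *s, size_t n, unsigned h) {
    unsigned rc = rct_cutoff(h), ac = apt_cutoff(h), run = 1;
    for (size_t i = 1; i < n; i++) {
        run = (s[i] == s[i - 1]) ? run + 1 : 1;
        if (run >= rc) return 1;              /* source stuck on one value */
    }
    for (size_t w = 0; w + APT_WINDOW <= n; w += APT_WINDOW) {
        unsigned b = 1;                       /* occurrences of the window's first sample */
        for (size_t i = 1; i < APT_WINDOW; i++)
            if (s[w + i] == s[w] && ++b >= ac) return 2;
    }
    return 0;
}

/* Constructed streams, not captured from hardware. kind 0: LCG bytes standing in for a
 * healthy source (test data only); 1: stuck ADC; 2: one value on every other sample. */
int run_constructed(int kind) {
    static uint8_t s[1024];
    uint32_t x = 12345;
    for (size_t i = 0; i < sizeof s; i++) {
        x = x * 1103515245u + 12345u;
        uint8_t r = (uint8_t)(x >> 16);
        s[i] = kind == 1 ? 0x7f : kind == 2 ? (i % 2 ? (r | 1) : 0xAA) : r;
    }
    return health_test(s, sizeof s, 4);       /* assumed claim: 4 bits per 8-bit sample */
}

int main(void) { return !(run_constructed(0) == 0 && run_constructed(1) == 1 && run_constructed(2) == 2); }
```

A non-zero result from `health_test` should block key generation until the source recovers; passing these tests shows only that the source is not grossly broken, not that it delivers the claimed entropy.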
Tuesday 17th December 2019 20:42 GMT Michael Wojcik
Re: The embedded gear is often based on very low-power hardware
Anyone who quotes von Neumann on random numbers in a discussion of true¹ physical RNGs is in a state of irrelevance.
¹ Or, if you believe in strict determinism, intractable physical RNGs. But if strict determinism is true, then you have no free will and thus no choice over whether to split hairs over what might constitute "true randomness", so either you're wrong in your belief or there's no point in reading this footnote. Of course, in the latter case, you have no choice of whether to read the footnote.
Monday 16th December 2019 23:37 GMT Anonymous Coward
Re: The embedded gear is often based on very low-power hardware
Shouldn't take months, considering the rate at which PCs can acquire randomness it might take a few hours. So start out using a weak key and then replace it after it has been running long enough to generate a strong one. Not perfect, but better than always using the weak key.
Alternatively, when first powered on they could connect to home base to get the initial key, and then replace it a few hours later. That prevents the weak key window, but I imagine some people would not be very comfortable with that.
Maybe some public organization needs to set up an internet accessible source of entropy as a public service, similar to how there are NTP servers as a public service...
Tuesday 17th December 2019 20:42 GMT Michael Wojcik
Re: The embedded gear is often based on very low-power hardware
"So start out using a weak key and then replace it after it has been running long enough to generate a strong one"
They're talking about the private half of a key pair with an associated certificate, are they not? So replacing the private key would mean requesting a new certificate from the CA and updating that. And that means the device would have to be able to create a CSR (or use some other, almost certainly worse, protocol for the certificate request), contact the CA, and install the new certificate; it's not simply a matter of replacing a single key.
And the CA would have to be able to verify the identity of the requesting device. It could counter-sign its CSR with its existing key, but the whole problem is the existing key is weak.
A simpler fix would be to add some better entropy-generating hardware to the device. I don't pay close attention to current research in HRNGs, but I'd bet that even traditional techniques such as Zener diode avalanche noise or reverse-bias transistor noise would improve whatever these weak-key devices are currently doing. These aren't expensive techniques and multiple instances can be run in parallel.
Of course, as someone else posted above, some of these devices may be getting keys burned in at manufacturing time, and it's simply a matter of better manufacturing.
Tuesday 17th December 2019 12:57 GMT Mike 137
The reality is ...
The reality is that vendors don't give a fetid dingo's kidneys (to quote Douglas Adams) as long as the crap sells. With negligible exceptions IoT is the biggest con since the South Sea Bubble. Using complicated overkill tech to do simple things like switching on a light or unlocking a door has only one purpose - to sell the complicated overkill tech (and preferably to monetise a data stream from it). But apparently you can fool most of the people most of the time.
Wednesday 15th April 2020 14:45 GMT realrandom
Entropy as a Service
IoT devices need a reliable source of high quality entropy. If entropy was burned into the chip at OEM, the device could use SOC upon initialization to generate a key known only to the end user. To further enhance the security, the device key could be periodically refreshed using an interface through a browser controlled by the end user. Real Random is the solution to this ticking time bomb!