Reply to post: Re: The embedded gear is often based on very low-power hardware

Internet of crap (encryption): IoT gear is generating easy-to-crack keys

Brian Miller

Re: The embedded gear is often based on very low-power hardware

Besides libraries, some chips with a "High-quality Random Number Generator" fail 50% of the DieHarder test suite.

Another problem is that the certificates in question could be generated at the factory, right when the device is turned on, with no entropy available because it's on an isolated network with the test machine. Sure, with a tiny bit of work they could get around this, but they just don't do it.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2021