> From: Brian Sniffen <bsnif...@akamai.com>
>
> >> From: Derek Atkins <de...@ihtfp.com>
> >> Date: Wed, 31 Aug 2016 10:17:25 -0400
> >
> >> "Steven M. Bellovin" <s...@cs.columbia.edu> writes:
> >
> >> > Yes. To a large extent, the "IoT devices are too puny for real
> >> > crypto" is a hangover from several years ago. It was once true; for
> >> > the most part, it isn't today, but people haven't flushed their cache
> >> > from the old received wisdom.
> >
> >> This is certainly true for AES, mostly because many small chips are
> >> including AES accelerators in hardware. It's not quite true for public
> >> key solutions; there are still very small devices where even ECC takes
> >> too long (and yes, there are cases where 200-400ms is still too long).
> >
> >> > It pays to look again at David Wagner's slides from 2005, on sensor
> >> > nets and crypto:
> >> > https://people.eecs.berkeley.edu/~daw/talks/sens-oak05.pdf
> >
> > Unattended sensors with wifi present an unsolved crypto problem. They
> > can last 10 years on an AA battery without crypto, probably well less
> > than a year if they have to do any kind of encryption. These things
> > will be everywhere, providing the data that will underlie all kinds of
> > decision-making.
>
> Assuming there are *some* integrity requirements for the data, and that
> they are deploying 32-bit ARM with AES support (stipulating that ~every
> CPU will have AES support in a few years, as ~every CPU sold does
> today), we're talking about *either* an ECDHE negotiation every few
> months or a pre-shared key, good for ten years.
>
> AES-GCM with hardware support compares favorably to SHA-2 without
> hardware support, so if they've been able to last 10 years before, they
> should do just fine in the future. The old devices won't last forever,
> and probably can't run TLS 1.3---that's fine, TLS 1.2 will be with us
> for ten years after 1.3 is out.
>
> -Brian
>
> > Although much of the solution may lie in hardware innovation, the
> > world really does need minimal crypto algorithms.
> >
> > Hilarie

An ARM is far too much hardware to throw at "read sensor/munge data/send data".

Hilarie

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls