On Thu, Sep 8, 2016 at 8:01 AM, Derek Atkins <de...@ihtfp.com> wrote:
> So they are finally up to 80-bit security? Woohoo! > That makes me feel so safe. > 1024-bit RSA is certainly less than ideal, but certainly better than nothing, which was the claim about devices in this class. Comparisons with symmetric cryptography aren't exactly fungible like that either: though I personally consider 1024-bit RSA keys to be weak, to my knowledge one has not been factored successfully by the general public. Payments are a very poor example.. Several seconds per transaction? > That's not usable performance. Look at all the pushback from consumers > that have been happening since the changeover to chip cards in the US > this past year. > The cryptography is not the bottleneck in this case: poor implementations of the protocol are. Use the same card for an NFC transaction (provided it's capable) and the delay will be considerably less. Also, an asymmetric primitive is something you'd use to exchange keys and sign transcripts for session initialization, after which all subsequent communication is symmetric. Does a second of handshaking actually matter if all subsequent communication is hardware accelerated symmetric cryptography? (I'm sure it might for some, but won't for many others) The real point is that if verticals within the "IoT space" were to standardize on a particular set of asymmetric primitives and ship them en masse like the payments industry did, economies of scale can drive the costs down to the levels they deem acceptable. But they seem unwilling to do the up-front development work and want to continue using the MCUs they're already using, many of which have no crypto accelerators whatsoever...
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
