Re: Async rekey?

To: Simon Tatham <anakin%pobox.com@localhost>
Subject: Re: Async rekey?
From: Peter Gutmann <pgut001%cs.auckland.ac.nz@localhost>
Date: Sat, 6 Aug 2022 11:34:22 +0000

Simon Tatham <anakin%pobox.com@localhost> writes:

>Another risk is exposure of the session keys from the implementation's memory
>[...]

These are being used in things like IEDs - the other IED, power grid control
elements - where there's nothing much on the system to attack, and
availability is vastly more important than a hypothetical problem of keys
being stolen, thus the don't-risk-data-corruption-via-a-rekey approach.  Even
if someone were to figure out how to steal a key, they're only really being
used for integrity protection (of control messages), and any attacker who can
extract the keys, delete legitimate messages, and inject their own fake ones
in their place already has capabilities way outside the threat model.

Peter.

References:
- Async rekey?
  - From: Mouse
- Re: Async rekey?
  - From: Simon Tatham
- Re: Async rekey?
  - From: Peter Gutmann
- Re: Async rekey?
  - From: Simon Tatham

Prev by Date: Re: Async rekey?
Next by Date: Algorithms: who's at fault here?
Previous by Thread: Re: Async rekey?
Next by Thread: Re: Async rekey?
Indexes:

Home | Main Index | Thread Index | Old Index