- From: Chris Palmer <palmer@google.com>
- Date: Tue, 21 Oct 2014 16:06:11 -0700
- To: Ángel González <angel@16bits.net>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On Tue, Oct 21, 2014 at 3:57 PM, Ángel González <angel@16bits.net> wrote: >> On the bright side, it’s very good that the machine generates a fresh >> key every time you re-enable HTTPS: That means that the key is not >> static, or identical on all the routers of the same make or model. > That still doesn't mean there won't be duplicate keys. It is hard for a > device to have good entropy after a reset. [1] Did you try resetting it > a few times and comparing the generated keys? I know. No, I did not check; I was only concerned that the key was not hard-coded. Given the many problems with Linux' CRNG, especially but not only a device like that, I didn't bother checking any further. >> if a device is only marketable if its price point is so low that it >> cannot be secure, perhaps it should disable itself after some >> reasonable life-time >> > -1 > > Users will perceive it as planned obsolescence for business reasons, and > I wouldn't be surprised if producers treated it like that, too. Otherwise it's planned unsafety. Perhaps vendors could open source their abandonware. Even then, though, most fielded devices would still be unsafe.
Received on Tuesday, 21 October 2014 23:06:38 UTC