Reply to post: Re: The embedded gear is often based on very low-power hardware

Internet of crap (encryption): IoT gear is generating easy-to-crack keys

DougS Silver badge

Re: The embedded gear is often based on very low-power hardware

Shouldn't take months, considering the rate at which PCs can acquire randomness it might take a few hours. So start out using a weak key and then replace it after it has been running long enough to generate a strong one. Not perfect, but better than always using the weak key.

Alternatively, when first powered on they could connect to home base to get the initial key, and then replace it a few hours later. That prevents the weak key window, but I imagine some people would not be very comfortable with that.

Maybe some public organization needs to set up an internet accessible source of entropy as a public service, similar to how there are NTP servers as a public service...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2020