[Gnuk-users] FST-01 is going to be non-reproducible any more

NIIBE Yutaka gniibe at fsij.org
Tue Jan 5 06:50:27 UTC 2016


Hello,

While updating the Seeed wiki page:

    FST-01 Wiki:
    http://www.seeedstudio.com/wiki/FST-01

I realized that one of the parts (specifically, U2, LDO V-Regulator,
CAT6217-330TDGT3) is discontinued.

Still, I can see QTY=21,000 is available at Rochester, though:

   https://www.rocelec.com/parts/results/all/?s=CAT6217-330TDGT3

... and we have alternative parts, too.


			*	*	*

Well, 2016 would be the good timing to consider another hardware
design.

In this holiday season, I was considering the use of Bluetooth for a
crypto token, but my conclusion was: it's not a good idea.  I concluded
that the use of Bluetooth should be limited to some HID feature only.

If using Bluetooth, I think that the size and complexity of the other
parts (other than public key crypto for OpenPGP) will be bigger because
of the protocol stack of Bluetooth and its encrypted communication
channel.  So, the major security risks will not be determined by the
Gnuk implementation itself.

I am considering releasing Gnuk 1.2.0, and starting development of a
new branch, removing RSA.  Perhaps it will be only with Curve25519
and Ed25519.

I think that Cortex-M0+ (with a 1-cycle 32-bit x 32-bit -> 32-bit
multiplier) running at 48MHz can be a good token for OpenPGP (or SSH).

While Cortex-M3 does 32-bit x 32-bit -> 64-bit multiplication, it
takes 3-5 cycles and is not constant-time (it skips cycles for smaller
values).  I don't think it is easy to use this fact to build a real
attack, but a 1-cycle 32-bit x 32-bit -> 32-bit multiplier would sound
good for constant-time lovers.

I'll port Chopstx to Cortex-M0+.  Then, I'll consider Gnuk25519.

The user interface of a token is also important.  I'm considering
something like an HID device; a piezo buzzer for notification and a
button for acknowledgment/confirmation.
-- 
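The message above contrasts a Cortex-M3 multiplier whose 32x32->64 UMULL has data-dependent latency with a Cortex-M0+ whose only multiply is a fixed-latency 32x32->32. The following is an added example, not code from Gnuk, Chopstx or the author, showing the arithmetic a multi-precision library has to do on such a core: it rebuilds the full 64-bit product from four 16x16->32 partial products with no data-dependent branches at source level, then uses it in a schoolbook 256-bit multiply over little-endian 32-bit limbs. The function names (mul32x32_64, mul256, selfcheck), the 8-limb layout, and the test vectors are constructed for this example; whether the carry comparisons stay branch-free in the final binary depends on the compiler and should be confirmed in the generated assembly.

```c
#include <stdint.h>
#include <stdio.h>

#define LIMBS 8   /* 8 x 32-bit limbs = 256 bits, little-endian limb order */

/* Full 64-bit product of two 32-bit words using only 32x32->32 multiplies.
 * Each 16x16 partial product fits in 32 bits, so every multiply here is one
 * the Cortex-M0+ MULS can perform in fixed time. Carries are derived from
 * unsigned wrap-around comparisons instead of branches on operand values. */
static void mul32x32_64(uint32_t a, uint32_t b, uint32_t *hi, uint32_t *lo)
{
    uint32_t a0 = a & 0xffffu, a1 = a >> 16;
    uint32_t b0 = b & 0xffffu, b1 = b >> 16;

    uint32_t p00 = a0 * b0;   /* contributes to bits 0..31  */
    uint32_t p01 = a0 * b1;   /* contributes to bits 16..47 */
    uint32_t p10 = a1 * b0;   /* contributes to bits 16..47 */
    uint32_t p11 = a1 * b1;   /* contributes to bits 32..63 */

    /* The two middle terms can sum to 33 bits; keep the overflow bit. */
    uint32_t mid = p01 + p10;
    uint32_t mid_carry = (mid < p01);       /* 1 if the addition wrapped */

    uint32_t low = p00 + (mid << 16);
    uint32_t low_carry = (low < p00);       /* 1 if the addition wrapped */

    *lo = low;
    /* Upper word: high term, upper half of mid, the 33rd bit of mid
     * (which lands at bit 48), and the carry out of the low word. */
    *hi = p11 + (mid >> 16) + (mid_carry << 16) + low_carry;
}

/* Schoolbook multiplication: r = a * b, r has 2*LIMBS limbs.
 * Loop bounds and memory access pattern are fixed, so the sequence of
 * operations does not depend on the operand values. */
static void mul256(const uint32_t a[LIMBS], const uint32_t b[LIMBS],
                   uint32_t r[2 * LIMBS])
{
    for (int i = 0; i < 2 * LIMBS; i++)
        r[i] = 0;

    for (int i = 0; i < LIMBS; i++) {
        uint32_t carry = 0;
        for (int j = 0; j < LIMBS; j++) {
            uint32_t hi, lo;
            mul32x32_64(a[i], b[j], &hi, &lo);
            /* r[i+j] += lo + carry; both additions may wrap once each. */
            uint32_t t  = r[i + j] + lo;
            uint32_t c1 = (t < lo);
            uint32_t u  = t + carry;
            uint32_t c2 = (u < t);
            r[i + j] = u;
            /* hi + c1 + c2 cannot exceed 32 bits: a*b + r + carry < 2^64. */
            carry = hi + c1 + c2;
        }
        r[i + LIMBS] = carry;   /* not yet written by any earlier row */
    }
}

/* Compare mul32x32_64 against the compiler's native 64-bit multiply on a
 * constructed set of edge-case operands. Returns 1 on success, 0 on failure. */
static int selfcheck(void)
{
    static const uint32_t v[] = { 0u, 1u, 0xffffu, 0x10000u, 0x12345678u,
                                  0x80000000u, 0x9abcdef0u, 0xffffffffu };
    size_t n = sizeof v / sizeof v[0];
    for (size_t i = 0; i < n; i++) {
        for (size_t j = 0; j < n; j++) {
            uint32_t hi, lo;
            mul32x32_64(v[i], v[j], &hi, &lo);
            uint64_t want = (uint64_t)v[i] * v[j];
            if (((uint64_t)hi << 32 | lo) != want)
                return 0;
        }
    }
    return 1;
}

int main(void)
{
    printf("mul32x32_64 selfcheck: %s\n", selfcheck() ? "ok" : "FAILED");
    return selfcheck() ? 0 : 1;
}
```

The interesting part for a token is not the arithmetic itself but that the operation count and memory access pattern are the same for every input; on a Cortex-M3 the UMULL inside the inner loop would break that property by finishing early for small limbs, which is exactly the concern raised in the message.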
