[HH] Internet of Things Festival (IoTfest) video
Federico Lucifredi
flucifredi at acm.org
Sat Feb 22 21:11:51 EST 2014
Now the man wants *usable* security!
;-) you are correct. Although if you release a lot of updates in a short time period, you could choose not to swap the pubkey... Since the leak happens by giving time to attack the key. That would let you skip ahead to the last update before changing the key.
Of course, that requires you knowing in advance you will release a lot if updates, or setting a fixed policy ("we will change the key monthly").
Hum.
One more example of why hardened security does not happen by default. It really stands in the way.
Best-F
Sent from my iPhone
> On Feb 22, 2014, at 8:49 PM, Mark Komarinski <mkomarinski at wayga.org> wrote:
>
> Doesn't that mean that you have to install every update in sequence?
More information about the Hardwarehacking
mailing list