[cryptography] Preserve us from poorly described/implemented crypto

Kevin W. Wall kevin.w.wall at gmail.com
Sun Jun 5 01:28:56 EDT 2011


On Sat, Jun 4, 2011 at 9:46 PM, Stephan Somogyi
<cryptography at lt.gross.net> wrote:
> "So what is AES? It's a unique pre-programmed 128-bit encryption key which
> is designed to help prevent your keystrokes, which are transmitted
> over-the-air, from being intercepted and deciphered."
>
> I just discovered the preceding at:
> <http://microsofthardwareblog.com/wireless-desktop-2000/>.
>
> Neither the Product Guide nor the Technical Data Sheet provide details.
>
> Is there really only a single hardwired key for the kbd/receiver pair as the text suggests?

Are you asking if there is only a single hardwired key for that is the
same for *all*
keyboard / receiver pairs? That would be insane. I certainly did NOT
get that impression.
I thought they just meant that each keyboard/mouse and receiver had a fixed, but
unique AES key hardwired into it.

Or perhaps you are simply saying that they are susceptible to timing
attacks just because
they use a single fixed key? While that _could_ be true for their
given implementation, I don't
think that that necessarily follows just because a single
keyboard/receiver, mouse/receiver
pair uses a single fixed key. If they use random IVs and appropriate
cipher mode or couple the
ciphertext with an HMAC to ensure message authenticity, I think they
should be OK.
However, without technical details, it's impossible to tell. And if
they did something
stupid like basing the AES key on a serial #, that would not bode well
either. (Even if
they used an HMAC of the S/N "signed" by a secret held only by
Microsoft, that's way
too brittle...someone steals that one secret and it would be game over.)

OTOH, I suppose one could argue that this better than your normal
wireless keyboard
which is just communicating over an unencrypted channel. (Yes, there's
always the
danger if Microsoft totally botched it and no one knows that one might get the
illusion of security. However if one is close to pick up wireless signals, than
Van Eck phreaking is also probably a possibility. So probably not suitable
for spys. ;-)

Just my $.02. Maybe one of the real cryptographers on this list will give you
a more authoritative answer.

-kevin
-- 
Blog: http://off-the-wall-security.blogspot.com/
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We *cause* accidents."        -- Nathaniel Borenstein



More information about the cryptography mailing list