[cryptography] Preserve us from poorly described/implemented crypto

David G. Koontz david_koontz at xtra.co.nz
Sun Jun 5 21:57:08 EDT 2011

On 5/06/11 6:26 PM, Peter Gutmann wrote:

> That's the thing, you have to consider the threat model: If anyone's really
> that desperately interested in watching your tweets about what your cat's
> doing as you type them then there are far easier attack channels than going
> through the crypto.

> It's a consumer-grade keyboard, not military-crypto hardware, chances are
> it'll use something like AES in CTR mode with an all-zero IV on startup, so
> all you need to do is force a disassociate, it'll reuse the keystream, and you
> can recover everything with an XOR.

There are other ways to deny effectiveness. If the fixed keys are generated
from things knowable during Bluetooth device negotiation, the security would
be illusory.  If that security were dependent on an external security factor
but otherwise based on knowable elements, you'd have key escrow.

It's hard to imagine, as Peter said, that there'd be any great interest in
cryptanalytic attacks on keyboard communications.  You could counter the
threat by using your laptop's built-in keyboard. It sounds like a marketing
gimmick, and could be considered a mild form of snake oil - the threat
hasn't been defined, nor the effectiveness of the countermeasure proven.  A
tick box item to show sincerity without demonstrating dedication.
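As an added illustration, not part of the original post or of Peter's message, the following Python sketch models the keystream-reuse attack Peter describes: a hypothetical keyboard that restarts CTR mode at an all-zero IV on every (re)association, an attacker who forces a disassociate, and the XOR recovery that follows. The AES block function is replaced by a SHA-256-based stand-in so the block runs with only the standard library; this is an assumption, and the attack is unchanged with real AES because it depends only on the keystream repeating, not on the cipher. The class and function names (`Keyboard`, `attack_demo`, `recover_with_known_plaintext`) and the sample keystrokes are constructed for this example.

```python
import hashlib
import os

BLOCK = 16


def block_prf(key: bytes, counter_block: bytes) -> bytes:
    """Stand-in for one AES block encryption (assumption: SHA-256 truncated to
    16 bytes).  The attack below does not depend on which block cipher is used."""
    return hashlib.sha256(key + counter_block).digest()[:BLOCK]


def ctr_keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """CTR mode keystream: PRF(key, iv), PRF(key, iv+1), ... cut to `length` bytes."""
    out = bytearray()
    counter = int.from_bytes(iv, "big")
    while len(out) < length:
        out += block_prf(key, (counter % (1 << 128)).to_bytes(BLOCK, "big"))
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


class Keyboard:
    """Hypothetical encrypted keyboard.  With fixed_iv=True it restarts CTR at
    IV=0 on every association (the weakness under discussion); with
    fixed_iv=False it draws a fresh random IV per session instead."""

    def __init__(self, key: bytes, fixed_iv: bool = True):
        self.key = key
        self.fixed_iv = fixed_iv
        self.associate()

    def associate(self) -> None:
        self.iv = bytes(BLOCK) if self.fixed_iv else os.urandom(BLOCK)
        self.offset = 0  # keystream position restarts with the session

    def send(self, keystrokes: bytes) -> bytes:
        """Encrypt keystrokes from the current keystream position."""
        ks = ctr_keystream(self.key, self.iv, self.offset + len(keystrokes))[self.offset:]
        self.offset += len(keystrokes)
        return xor(keystrokes, ks)


def recover_with_known_plaintext(c_known: bytes, p_known: bytes, c_target: bytes) -> bytes:
    """If both ciphertexts were produced from keystream position 0 under the same
    key and IV, C_known XOR P_known is the keystream prefix, which then strips
    C_target.  Recovery is limited to the length of the known plaintext."""
    keystream = xor(c_known, p_known)
    return xor(c_target, keystream)


def ciphertext_xor(c1: bytes, c2: bytes) -> bytes:
    """Even without a crib, C1 XOR C2 equals P1 XOR P2 when keystreams coincide."""
    return xor(c1, c2)


def attack_demo(fixed_iv: bool = True) -> dict:
    # Constructed pairing key for the example; not derived from any real device.
    key = hashlib.sha256(b"constructed pairing key for the example").digest()[:BLOCK]
    kb = Keyboard(key, fixed_iv)
    p1 = b"the cat is on the keyboard again"
    c1 = kb.send(p1)                         # session 1, observed by the attacker
    kb.associate()                           # attacker forces a disassociate/reassociate
    p2 = b"password: hunter2 correct horse"  # session 2, the target
    c2 = kb.send(p2)
    return {
        "recovered": recover_with_known_plaintext(c1, p1, c2),
        "target": p2,
        "ct_xor_equals_pt_xor": ciphertext_xor(c1, c2) == xor(p1, p2),
    }


if __name__ == "__main__":
    print("fixed IV  :", attack_demo(True)["recovered"])
    print("random IV :", attack_demo(False)["recovered"])
```

Running the block shows the second session recovered in full when the IV is fixed, and garbage when the keyboard picks a fresh IV per association; the decisive property is that `ciphertext_xor` equals the XOR of the two plaintexts only in the fixed-IV case, which is exactly what a crib or language model of typed text then exploits.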
