top | item 37085532

oll3 | 2 years ago

I guess the default key is a problem too. Mainly since it might trick developers/manufacturers into thinking that this somehow makes the key exchange secure if you use it while setting a device unique key.

I do work with OSDP devices and I have heard this argument from manufacturers, like "we only support setting a new key while using the default key, it's more secure that way". While it, at best, will just obfuscate the process.

hqsolomo | 2 years ago

I haven't done enough PKI to call myself "good" at it, but I've done enough to shudder any time I hear "hardcoded key".