I don't have any evidence that hardware compatibility plays any significant role at all in the persistence of insecurely-sized or badly-generated keys for public-key cryptography.
Well, sort of. But I probably could have explained myself better, and maybe compatibility is not the right word, because this can be considered to go beyond compatibility.
dlenski|1 year ago
> hardware compatibility
I don't have any evidence that hardware compatibility plays any significant role at all in the persistence of insecurely-sized or badly-generated keys for public-key cryptography.
Do you have a reason to think otherwise?
Cascais|1 year ago
Some remarks that I found interesting on the topic:
- While compatibility/reliability are 110% nice (compatibility being defined as "it works"), that doesn't mean full stability in generating entropy. "Components may be perfect; composition (they all together) can still be flawed", where the components are: Device Hardware, Device OS, and Device Software (KeyGen).
- "in low-margin devices there aren't high-quality entropy sources to rely on", so it's harder to know for sure that the key was well generated.
- a large scale on RSA keys enabled the detection of entropy failures that manifested in the RSA keys of millions of devices. Most affected product families were lower-margin devices past their end-of-support date.
https://www.acsac.org/2023/program/final/s111.html
https://www.acsac.org/2023/files/web/slides/chi-111-weakrsak...
https://samvartaka.github.io/cryptanalysis/2017/01/03/33c3-e...