[RFC 3/4] FIT: add FIT image support
Jean-Christophe PLAGNIOL-VILLARD
plagnioj at jcrosoft.com
Fri Mar 13 10:00:32 PDT 2015
On 17:06 Fri 13 Mar , Marc Kleine-Budde wrote:
> On 03/13/2015 04:54 PM, Jean-Christophe PLAGNIOL-VILLARD wrote:
> >>> if you can break rsa4096, the chance you can break ECC are high too
> >>
> >> If you want to open the box, today you would probably not break
> >> rsa2048/sha1 (unless you have huge calculation power) but look for
> >> implementation weaknesses, like bugs or side channel attacks.
> >
> > I alredy see it done on rsa1024 few years ago, today rs2048 is supposedly
> > secured but as you hw may have to run for 10 years rs2048/sha1 is considered not
> > strong enough
>
> Some thoughts on 2048 vs. 4096:
> https://www.yubico.com/2015/02/big-debate-2048-4096-yubicos-stand/
I known about it already read it and work with yubico stuff
I disagre on the fact that rsa2048 is good for 15 years, with more and more
low cost power efficent SoC build a super calculator will be cheaper and
cheaper. I'd give it a go for less than 10 years.
It's always the same question what the hardware control. what damage can
happend if the software is tampered with.
A hw that control security door and co => high rist life issue.
Medical stuf ditto.
>
> While sha1 is considered broken.
it's broken and sha256 not yet but in 10 years strongly suspected
even in brut force
That's why FIPS work on SHA-2
Best Regards,
J.
More information about the barebox
mailing list