Random numbers are the basis of most security, but they are surprisingly difficult to create. This is an excerpt from an intermediate-level book on the Pico's WiFi features.
Master the Raspberry Pi Pico in C:
WiFi with lwIP and mbedtls
Written by Harry Fairhead & Mike James
Please purchase from Amazon.
Contents
Preface
- Pico WiFi stack
- TCP overview
  Extract: The simplest HTTP client
- More advanced TCP
- SSL/TLS and HTTPS
  Extract: The simplest HTTPS client
- Crypto details
  Extract: Random numbers (new!)
- Server
- Increased speed with UDP
  Extract: Basic UDP
- SNTP for time management
- SMTP for email
- MQTT for IoT
Appendix 1 Introduction to C
Encryption is difficult. You need to be an expert to implement almost any of its methods, and you need to be a bit of an expert just to understand your options when using a library like mbedtls. This chapter summarizes the theory and practice of the things that must be done correctly to use the encryption the library provides in a secure manner. This is by no means a complete or sophisticated treatment, and by the end of this chapter there will still be much more to know, but you should be able to understand some of the difficulties in achieving and maintaining security. This is a practical "getting started" guide.
The Random Number Problem
One of the requirements for IoT devices that are not intended for personal or experimental use is to ensure that the devices are secure. The best way to do this is to use a well-known and widely used cryptographic library such as mbedtls. By doing this, you can claim that you are using industry standard encryption. Unfortunately, all security is built on the foundation of a good random number source.
It's not difficult to understand why. Random numbers are used to generate the keys for symmetric key encryption, which is what carries the bulk of the data between clients and servers. Public-private key encryption does not rely on random number generation: as long as the private key is kept secret and has enough bits that it is difficult to calculate or guess it from the public key, you are safe.
Symmetric key encryption, on the other hand, is vulnerable to simply guessing the key. An attacker can try decrypting the data with trial keys until the result is recognizable as plain text. Again, this is difficult as long as the key has enough bits and is chosen randomly. However, if the random number generator has statistical flaws, the search space for trial keys can be significantly reduced. For example, a random number generator that generates more 0s than 1s reduces the search space by half. If enough statistical irregularities can be found, the initially huge search space shrinks to something more reasonable.
In other words, the security of symmetric key encryption depends on the quality of the random number generator.
The question is: how much quality do you need in your random number generator?
In reality, it is unlikely that your device will be hacked because of a random number generator that is less than perfect. It's generally not worth the effort, as there are many easier ways to compromise a system, especially for someone with physical access. However, there is also the issue of how things are presented. Some users are very security conscious and the only reasonable way to satisfy them is to use industry standard encryption according to industry standard best practices. If you have to say, "I'm using a standard cryptographic library, but I'm using a homemade random number generator," credibility is lost.
To use TLS, you must provide a random number generator, mbedtls_hardware_poll, for the key exchange to work. SDK 1.5 added a number of new random number generation functions that make a standard implementation of mbedtls_hardware_poll available. However, that doesn't mean you can ignore the problem. Random numbers are important and understanding the problem is worth the investment.
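The two points above, the callback that mbedtls needs and the danger of a source that produces more 0s than 1s, can be combined in one sketch. This is an added example, not code from the book or the Pico SDK: example_hardware_poll, rng_init, rng_monobit_ok and the two stub generators are hypothetical names, and the stubs are constructed stand-ins for a real source such as the SDK's get_rand_32().

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ERR_ENTROPY_SOURCE_FAILED (-0x003C) /* value of MBEDTLS_ERR_ENTROPY_SOURCE_FAILED */
typedef uint32_t (*rand32_fn)(void); /* assumption: on a Pico, get_rand_32 from pico/rand.h */
static rand32_fn rng_source;         /* source installed by rng_init() */
static int rng_healthy;              /* result of the start-up check */

/* Constructed host stand-ins so the example runs offline; NOT entropy sources. */
static uint32_t stub_state = 0x12345678u;
uint32_t stub_xorshift32(void) {
    stub_state ^= stub_state << 13;
    stub_state ^= stub_state >> 17;
    stub_state ^= stub_state << 5;
    return stub_state;
}
uint32_t stub_biased(void) { return stub_xorshift32() & stub_xorshift32(); } /* ~25% ones */

/* Monobit check: for fair bits S = ones - zeros has standard deviation sqrt(n),
   so S*S > 25*n (more than 5 sigma) signals a grossly biased source. */
int rng_monobit_ok(rand32_fn src, size_t nwords) {
    int64_t s = 0, n = (int64_t)nwords * 32;
    for (size_t i = 0; i < nwords; i++) {
        uint32_t w = src();
        for (int b = 0; b < 32; b++, w >>= 1) s += (w & 1u) ? 1 : -1;
    }
    return s * s <= 25 * n;
}

/* Hypothetical start-up hook: install the source and test 4096 bits of it. */
int rng_init(rand32_fn src) {
    rng_source = src;
    rng_healthy = (src != NULL) && rng_monobit_ok(src, 128);
    return rng_healthy;
}

/* Same signature as mbedtls_hardware_poll; renamed to avoid clashing with a real build. */
int example_hardware_poll(void *data, unsigned char *output, size_t len, size_t *olen) {
    (void)data;
    *olen = 0;
    if (!rng_healthy) return ERR_ENTROPY_SOURCE_FAILED; /* fail closed: no key material */
    while (*olen < len) {
        uint32_t w = rng_source();
        size_t take = (len - *olen < sizeof w) ? len - *olen : sizeof w;
        memcpy(output + *olen, &w, take); /* a partial last word never writes past len */
        *olen += take;
    }
    return 0;
}
```

A monobit check only catches gross bias of the "more 0s than 1s" kind; passing it says nothing about whether the bits are unpredictable, so it complements a real hardware source rather than replacing one.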