Networking on tiny machines

Posted May 8, 2014 10:57 UTC (Thu) by intgr (guest, #39733)
In reply to: Networking on tiny machines by fandingo
Parent article: Networking on tiny machines

This isn't really comparable. Implementing a symmetric cipher is quite straightforward and easy to test. Basically it's just doing arithmetic operations and table lookups in a loop.

But I'm sure they could just invoke the existing AES code directly without going through the kernel's crypto API, for similar savings in code size.

All the complexities and vulnerabilities in crypto libraries tend to come from protocol logic and data structure parsing, not the ciphers/primitives themselves.

> cryptosystems

Just a nitpick, "cryptosystem" refers to a set of algorithms for a single purpose (such as the RSA encryption cryptosystem, comprised of key generation, encryption and decryption).

Networking on tiny machines

Posted May 9, 2014 4:41 UTC (Fri) by jeff_marshall (subscriber, #49255) [Link]

Agreed; implementing a block cipher is stupid simple unless you are trying to mitigate the relevant side channel attacks, and for this use case side channels aren't a meaningful threat.

I've implemented AES myself in software for several different platforms on bare metal, and helped others to implement it in hardware. In all cases, it was pretty straightforward.