It depends on your threat model. If you are more concerned about firmware flaws and design, it makes more sense to use an open IC with a solid FW design. If you absolutely must resist physical attacks, maybe not.
-
Quick napkin math: A GPU can do ~2^32 hashes/s or ~2^44 hashes/h. A spot g3s.xlarge on AWS goes for 40 cents/h. Let's assume I have a $400k budget (if I steal a key and compromise the secure element, I probably have that). This means I can factor 2^64 bits of entropy.
Which is 9 characters of random ASCII. A lot of people use way more than that. Certainly people who care enough to be worried about attackers owning SEs.
-
-
Either way, the point here is, why *wouldn't* you wrap the private key material, even without stretching? Defense in depth. It would've stopped that dumb bug you guys had where PINs were not checked properly. No PIN, no secrets.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
10 characters, but close enough. The average entropy of user passwords however is 40-50 bits depending on the study. So it's safe to say very few people pick 64 bit+. I can see how this is valuable for a few high-end users. For the average user, it wouldn't help much.
-
Again, defense in depth. You can't guarantee I can't devise an attack on your SE chip for <$1k, or there could be a firmware issue. Having proper key wrapping would help keep the attack cost high in that scenario.
- Show replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.