[Ksummit-discuss] [TECH TOPIC] Firmware signing

Andy Lutomirski luto at amacapital.net
Wed Aug 12 22:51:18 UTC 2015


On Wed, Aug 12, 2015 at 3:46 PM, David Howells <dhowells at redhat.com> wrote:
> Andy Lutomirski <luto at amacapital.net> wrote:
>
>> Once we're talking real, modern public keys, there's no point in even
>> hashing them.  A good cryptosystem will have 32-byte public keys, and
>> a sufficiently strong hash will be 32 bytes.
>
> And likely non-compliant with various security certifications.

Humor me: what security certification would not be okay with 65 bytes
of ECDSA/P-256 public key?  And what security certification would not
be okay with the SHA-256 (or SHA3-256) hash of something appropriate?

Even with compression, the standards should accept any representation
whatsoever that is *decompressed* to the correct 65-byte octet string
prior to calling into any crypto code.  Of course, there are (or were
or something) those who claim to have or have had patents on that,
from my extremely vague memory.

--Andy


More information about the Ksummit-discuss mailing list