Getting cryptography right isn’t easy, and it’s a lot worse on constrained devices like microcontrollers. RAM is usually the bottleneck — you will smash your stack computing a SHA-2 hash on an AVR — but other resources like computing power and flash code storage space are also at a premium. Trimming down a standard algorithm to work within these constraints opens up the Pandora’s box of implementation-specific flaws.
Still, there are some concrete recommendations. Here are some spoilers. For encryption, they recommend a trimmed-down version of AES-128, which is a well-tested block cipher on the big machines. For message authentication, they’re happy with Galois/Counter Mode and AES-128.
I was most interested in hashing, and came away disappointed; the conclusion is that the SHA-2 and SHA-3 families simply require too much state (and RAM) and they make no recommendation, leaving you to pick among less-known functions: check out PHOTON or SPONGENT, both of which are still being actively researched.
If you think small-device security is easy, read through the 22-question checklist that starts on page twelve. And if you’re looking for a good starting point to read up on the state of the art, the bibliography is extensive.
Highly polished all-in-one gear for teaching STEM is one way to approach the problem. But for some, it can be intimidating, and the up-front expenditure can be a barrier to just trying something before you’re certain you want to commit. [Miranda] is taking a different approach with the aim of making engineering education possible with junk you have around the house. The point is to play around with engineering concepts without having to worry about doing it exactly right, or with exactly the right materials. You know… hacking!
“Teardown” isn’t really accurate here, at least by the standard of [electronupdate]’s other component teardowns, like his looks inside LED light bulbs and das blinkenlights. “Rubdown” is more like it here, because what starts out as a rather solid looking SMT component needs to be ground down bit by bit to reveal the inner ferrite and copper goodness. [electronupdate] embedded the R30 SMT inductor in epoxy and hand lapped the whole thing until the windings were visible. Of course, just peeking inside is never enough, so he set upon an analysis of the inductor’s innards. Using a little careful macro photography and some simple image analysis, he verified the component’s data sheet claims; as an aside, is anyone else surprised that a tiny SMT component can handle 30 amps?
[Madox] is a trackball user, which is fine; we at Hackaday respect and appreciate those who live alternative lifestyles. As you would expect, there aren’t many makes and models of trackballs being sold, and [Madox] wanted something ergonomic. A DIY solution was necessary, but how do you model something ‘ergonomic’ before printing it out? Floam, apparently.
Floam is a sticky, moldable goo originally sold as the follow-up to Nickelodeon’s Gak in the early 1990s. It consists of styrofoam pellets held together with a colored binder that doesn’t leave a mess and doesn’t dry out. While the Nickelodeon version is lost to the sands of time, a Floam-like substance is available at any toy store. [Madox] picked up a few blister packs and began modeling his ideal trackball.
With the proper shape in hand, [Madox] needed a way to get this design into a computer. Photogrammetry is the solution, and while earlier experiments with Autodesk Catch were successful, Autodesk has morphed and rebranded their photogrammetry software into Autodesk ReMake. Turning a pile of styrofoam balls into a 3D model is as simple as taking a bunch of pictures and uploading them to Autodesk’s ‘cloud’ service.
In just a few minutes, a proper 3D mesh arrived from the Autodesk mothership, and [Madox] took to importing this model into Fusion 360, fiddling with chamfers, and eventually got to the point where a 3D printer was necessary. It took a few revisions, but now [Madox] has a custom-designed trackball that is perfectly ergonomic.
We have a love-hate relationship with biometric ID. After all, it looks so cool when the hero in a sci-fi movie enters the restricted-access area after having his hand and iris scanned. But that’s about the best you can say about biometric security. It’s conceptually flawed in a bunch of ways, and nearly every implementation we’ve seen gets broken sooner or later.
Case in point: prolific anti-biometry hacker [starbug] and a group of friends at the Berlin CCC are able to authenticate to the “Samsung Pay” payment system through the iris scanner. The video, embedded below, shows you how: take a picture of the target’s eye, print it out, and hold it up to the phone. That was hard!
Sarcasm aside, the iris sensor uses IR to recognize patterns in your eye, so [starbug] and Co. had to use a camera with night vision mode. A contact lens placed over the photo completes the illusion — we’re guessing it gets the reflections from room lighting right. No etching fingerprint patterns into copper, no conductive gel — just a printout and a contact lens.
[Alex Williams] created his Open Source Underwater Glider project as an entry to The Hackaday Prize, and now it’s one of our twenty finalists. This sweet drone uses motor-actuated syringes to serve as a ballast tank, which helps the glider move forward without the use of traditional propellers.
Unlike most UAVs, which use motors to actively move the craft around, [Alex]’s glider uses the syringes to change the buoyancy of the craft, and it simply glides around on its wings. When the craft starts getting too deep, the syringes push out the water and the glider rises toward the surface until it’s ready for another glide.
This low-power solution allows for long-term science projects and research. In addition to conserving power, the glider’s slow travel does not disturb the water or sea life.
[Alex]’s goal is to make his glider open source and 3D printable, combined with off-the-shelf hardware and ArduSub under the hood.