Hello,
It strikes me that one of the most bothersome spheres of technology with authentication problems is IoT, often on ARM Cortex-M devices running a very low resource LwIP or Simplelink TCP/IP stacks, such as smart lights and cameras.
What would be the major hurdles in implementing SQRL on a bare metal system? As a design engineer, I've seen ECC used, but I'm not (yet) very familiar with all the nuts and bolts of SQRL technologies being used. I just wanted to get a feel for what I'm in for if I decide to make it a hobby project, and if anyone has any advice to get started. Has it been done?
My initial thought on a use case would be a WiFi connected device that wants to have different privilege levels for users communicating to it over the network without storing any password hashes in NVM. And this would be on a device that wasn't designed with a micro that has any extra security features that might solve this problem. The device would be the SQRL server, and an actual server would be the only user with full access, acting as a SQRL client when connecting.
It strikes me that one of the most bothersome spheres of technology with authentication problems is IoT, often on ARM Cortex-M devices running a very low resource LwIP or Simplelink TCP/IP stacks, such as smart lights and cameras.
What would be the major hurdles in implementing SQRL on a bare metal system? As a design engineer, I've seen ECC used, but I'm not (yet) very familiar with all the nuts and bolts of SQRL technologies being used. I just wanted to get a feel for what I'm in for if I decide to make it a hobby project, and if anyone has any advice to get started. Has it been done?
My initial thought on a use case would be a WiFi connected device that wants to have different privilege levels for users communicating to it over the network without storing any password hashes in NVM. And this would be on a device that wasn't designed with a micro that has any extra security features that might solve this problem. The device would be the SQRL server, and an actual server would be the only user with full access, acting as a SQRL client when connecting.