security.xml 2.9 KB
<chapter id='security'>
<title>
Security
</title>
<section id='security-intro'>
<title>
Introduction
</title>
<para>
HomePlug AV devices support two types of secure access: Network Access and Device Access. Network access requires a Network Membership Key (NMK) that grants a device the right to join and participate in a given HomePlug AV powerline network. Device access requires a Device Access Key (DAK) that grants a local host the right to perform privileged operations on a given device. Both types of keys, the NMK and the DAK, are apparently random 128-bit (or 16-byte) integers. At the network level, any application that can produce the correct NMK or DAK can gain access to the network or the device that demands that key.
</para>
</section>
<section id="encryption-keys">
<title>
Encryption Keys
</title>
<para>
There are many ways to generate keys but some methods are preferred to others. The HomePlug Powerline Alliance has published two algorithms for generating fixed-length, binary keys from human-friendly, variable-length character strings. One method generates an NMK and the other generates a DAK. We call these character strings "pass phrases" or "passwords".
</para>
<para>
Both HomePlug AV algorithms use the widely published SHA256 algorithm, which converts variable-length input to a statistically unique 256-bit (or 32-byte) digest or signature. It is statistically improbable that two inputs will produce the same output, and it would be computationally expensive to determine the input given the output. Although these algorithms are approved by the HomePlug Powerline Alliance, there is no requirement to use them. Many other excellent algorithms exist.
</para>
</section>
<section id="user-passwords">
<title>
User Passwords
</title>
<para>
Atheros end-user software implements the recommended HomePlug AV algorithms for converting variable-length character strings (passwords) to fixed-length binary values (keys). This ensures that a given password will always produce the same key. It also ensures that no two passwords will produce the same key and that the key cannot be used to determine the password. A given password will also produce a different NMK and DAK.
</para>
<para>
HomePlug AV passwords are 12 to 64 characters long and may contain any ASCII character in the range 0x20 (space) through 0x7E (~). This character set essentially includes all printable characters that can be entered using an English-language keyboard.
</para>
<para>
People frequently confuse the DAK with the device password and the NMK with the network password. The password is a character string and the key is a binary value. The password is for people and the key is for computers.
</para>
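The two derivations described in the Encryption Keys section (SHA256 of the password, one variant for the NMK and one for the DAK, truncated to a 128-bit key) together with the password rules from this section, as an added Python example that is not part of the Atheros software or of this document. The salt bytes and the number of re-hash rounds are not stated in this chapter; they are assumed here from the published HomePlug AV method as implemented in the open-plc-utils tools.

```python
import hashlib

# Assumed from the published HomePlug AV method (open-plc-utils), not from this
# chapter: the NMK and DAK variants differ only in the last salt byte, and the
# first digest is re-hashed 999 more times before truncation to 16 bytes.
NMK_SALT = bytes([0x08, 0x85, 0x6D, 0xAF, 0x7C, 0xF5, 0x81, 0x86])
DAK_SALT = bytes([0x08, 0x85, 0x6D, 0xAF, 0x7C, 0xF5, 0x81, 0x85])
REHASH_ROUNDS = 999
KEY_LEN = 16  # keys are 128-bit, so the 256-bit digest is truncated


def validate_password(password: str) -> None:
    """Enforce the chapter's rules: 12 to 64 characters, ASCII 0x20 through 0x7E."""
    if not 12 <= len(password) <= 64:
        raise ValueError("HomePlug AV passwords must be 12 to 64 characters long")
    if any(not 0x20 <= ord(c) <= 0x7E for c in password):
        raise ValueError("password may only contain ASCII 0x20 (space) to 0x7E (~)")


def _derive(password: str, salt: bytes) -> bytes:
    # Password and salt are hashed together once, then the digest is re-hashed.
    digest = hashlib.sha256(password.encode("ascii") + salt).digest()
    for _ in range(REHASH_ROUNDS):
        digest = hashlib.sha256(digest).digest()
    return digest[:KEY_LEN]


def nmk_from_password(password: str) -> bytes:
    """Network Membership Key for a network password."""
    return _derive(password, NMK_SALT)


def dak_from_password(password: str) -> bytes:
    """Device Access Key for a device password."""
    return _derive(password, DAK_SALT)


def fmt_key(key: bytes) -> str:
    """Colon-separated upper-case hex, the usual way tools print a key."""
    return ":".join(f"{b:02X}" for b in key)


if __name__ == "__main__":
    pw = "correct horse battery"  # constructed sample password, 21 characters
    validate_password(pw)
    # Same password, two different keys: the NMK and DAK salts differ.
    print("NMK", fmt_key(nmk_from_password(pw)))
    print("DAK", fmt_key(dak_from_password(pw)))
```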
</section>
<section id="security-strategy">
<title>
Password Strategy
</title>
<para>
</para>
</section>
</chapter>