Device crypto support

I'd like to request better cryptography/randomness generation support for the device.

 

Currently generating an HMAC with SHA-1 takes several seconds, and generating it for multiple tokens will cause an app to crash.

 

From a security perspective it would be preferable to do all calculations on a device instead of sending data between the phone and the watch (at least in my use case of generating MFA tokens).

 

 

6 Comments
MorrisTimm
Recovery Runner

I think access to cryptographic functions is a great suggestion and it's necessary for any kind of security. 

 

I think secure random values and digests like sha256 are needed.

 

With the whole Fitbit pay stuff I think it is reasonable to assume that the hardware supports this. It is just a matter of exposing the API.

JumpMaster
Recovery Runner

The processor in the Ionic (I assume also the Versa) and Pebble Time are both ARM M4 variants (M3 in OG Pebble).  But whereas the Pebble can generate an HMAC in a time which is indistinguishable from instant, it takes 4-5 seconds on the Versa.  I would only imagine this is caused by the JVM and a lack of direct access to certain functions on the CPU, or these functions are being emulated, causing the slowdown.

 

I would like to see this issue resolved but would really like to know what's causing it.

SunsetRunner
Not applicable

Nice suggestion @Lixxia and thanks for sharing within the community. We look forward to reading what else other developers think.

SunsetRunner
Not applicable

@Lixxia: is there a way for you to DM me the code that is making your app crash please? I would like to see what is happening.

Lixxia
Jogger

Sure thing @SunsetRunner, I'll send it over.

Status changed to: Released
JonFitbit
Fitbit Developer

SDK 4.0 now includes crypto functionality based on SubtleCrypto.

https://dev.fitbit.com/blog/2019-10-29-announcing-fitbit-os-sdk-4.0/
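For reference, the MFA use case from the original request expressed against a SubtleCrypto-style interface. This is an added example, not part of the thread and not Fitbit SDK code: it uses the standard Web Crypto API as found in browsers and Node.js, and the function names (`truncate`, `importSecret`, `hotp`, `totp`, `totpBatch`) are assumptions chosen for illustration.

```javascript
// Added example: RFC 6238 TOTP built on SubtleCrypto HMAC-SHA-1.
// Standard Web Crypto (browser / Node.js); device SDK specifics are not assumed.
const subtle = (globalThis.crypto ?? require('node:crypto').webcrypto).subtle;

// RFC 4226 dynamic truncation: the low nibble of the last MAC byte selects
// a 4-byte window; the top bit is masked so the value is a positive 31-bit int.
function truncate(mac, digits = 6) {
  const offset = mac[mac.length - 1] & 0x0f;
  const bin = ((mac[offset] & 0x7f) << 24) | (mac[offset + 1] << 16) |
              (mac[offset + 2] << 8) | mac[offset + 3];
  return String(bin % 10 ** digits).padStart(digits, '0');
}

// Import the shared secret once as a non-extractable, sign-only HMAC key,
// so the raw secret does not need to stay in script memory afterwards.
function importSecret(secretBytes) {
  return subtle.importKey('raw', secretBytes,
    { name: 'HMAC', hash: 'SHA-1' }, false, ['sign']);
}

// HOTP: HMAC over the counter encoded as an 8-byte big-endian integer.
async function hotp(key, counter, digits = 6) {
  const msg = new DataView(new ArrayBuffer(8));
  msg.setUint32(0, Math.floor(counter / 2 ** 32)); // high word
  msg.setUint32(4, counter >>> 0);                 // low word
  const mac = new Uint8Array(await subtle.sign('HMAC', key, msg.buffer));
  return truncate(mac, digits);
}

// TOTP: HOTP with the counter derived from Unix time and the time step.
function totp(key, unixSeconds, { step = 30, digits = 6 } = {}) {
  return hotp(key, Math.floor(unixSeconds / step), digits);
}

// Codes for several accounts: keys are imported up front and signed one at a
// time, so only a single HMAC operation is in flight at any moment.
async function totpBatch(keys, unixSeconds) {
  const codes = [];
  for (const key of keys) codes.push(await totp(key, unixSeconds));
  return codes;
}
```

The secret used to check this code is the published RFC 4226 / RFC 6238 test key (ASCII `12345678901234567890`), not a real credential.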
