Is cryptography where security took the wrong branch?

Michael Shields shields at msrl.com
Tue Sep 2 18:09:51 EDT 2003 

In message <3F53A50D.3DD74AEB at systemics.com>,
Ian Grigg <iang at systemics.com> wrote:
> For example, he states that 28% of wireless
> networks use WEP, and 1% of web servers use SSL,
> but doesn't explain why SSL is a "success" and
> WEP is a "failure" :-)

Actually, he does; slide 11 is titled "Why has SSL succeeded?",
and slide 23 is titled "The WEP Debacle".  Also, although speakers
often do nothing more than read what's on the screen, a talk does
ideally involve more content than is on the slides.

I would agree that HTTPS has been more successful than WEP, in the
sense of providing defense against real threats.  HTTPS actually
defends against some real attacks, providing an effective answer to a
clearly defined problem: preventing the exposure of sensitive
information such as credit card numbers, even in the face of
eavesdropping and server impersonation.  This is only one threat model
and maybe not the most realistic one, but HTTPS does define it and
address it.  Meanwhile, WEP is too weak to prevent any attacks; and
even if it were not cryptographically weak, its stone-age key
management would make it a poor tool for any network with more than a
handful of users.

A very relevant question is why WEP has been so much more widely
deployed than HTTPS.  Eric Rescorla is correct that people choose
whether to use security measures or not based mostly on how convenient
they are, not on how much they need them.  In this sense, HTTPS is a
failure; although it is effective, it is so difficult to use that
almost no one bothers unless credit card numbers are involved.

Security needs to be easy, or people will just put up with losses instead.

> One thing he doesn't stress is design by committee
> v. design by small focused team.  Much of SSL and
> SSH's strengths are that they were designed and
> deployed quickly and cheaply (and insecurely!) so
> as to tap into real needs real quickly.  I would
> suggest that any security protocol designed by a
> committee has a low survivability rating.

In fact, early versions of both SSL and SSH had extensive flaws; it
took many people to evolve them into their present states.  *All*
security protocols have low survivability ratings.  Inventing a new
protocol is extremely hazardous.
-- 
Shields.


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list