[Cryptography] Trust & randomness in computer systems

rcs at xmission.com rcs at xmission.com
Wed Mar 16 16:42:07 EDT 2016


Keeping the spirit of Henry's approach, a rework,
but avoiding the cost of completely starting over:

One advantage of a multi-engine plane is that one
engine may fail, but the plane can keep flying,
albeit at reduced performance.

If we designed our systems with multiple, swappable,
parts, we could swap out obsolete pieces without
disabling the whole structure.

Triple-DES functions as an enhanced-security cipher,
built from the less secure DES.  Suppose we used
a triple cipher with three different pieces: maybe
DES + Blowfish + IDEA.  When DES is weakened by
Moore's Law or crypto advances, we can slot in RC5
as a replacement for the part without crashing the
plane.  The upgrade can be scheduled, and phased in,
rather than being an emergency do-it-now patch.

Similarly for hashing: The full hash of a file is now
a side-by-side triple, MD5 + SHA1 + RIPEMD.  When
MD5 looks weak, we replace it with SHA2 or KECCAK.

Similar notions should work for asymmetric ciphers,
signatures, key agreement, etc.

It's unclear how to extend this to protocols, which
are more complex than ciphering.  It's also only
slightly helpful for defending against side-channels,
with their peek-inside capabilities.  But it would
help with smoother upgrading of crypto primitives.

Rich Schroeppel

-------
Quoting Henry Baker <hbaker1 at pipeline.com>:

> Even though I'm a formalist by nature & training,
> I can see that formal methods are not going to be
> sufficient to solve most of the problems in computer
> security today.
<clip>
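The side-by-side hash triple described above, as an added example in Python (not code from the post): each slot can be replaced independently, and a record is accepted only while its whole suite is still trusted. Algorithm names are hashlib names; because ripemd160 is not present in every hashlib build, sha256 stands in for the third slot, and the swap-in for MD5 is SHA3-256 (the Keccak family).

```python
import hashlib

# Added example: a side-by-side hash triple whose slots can be swapped one at a
# time. Names are hashlib algorithm names (assumed available in this build).
SUITE_V1 = ("md5", "sha1", "sha256")       # original triple (sha256 stands in for ripemd160)
SUITE_V2 = ("sha3_256", "sha1", "sha256")  # MD5 slot replaced by a Keccak-family hash
ACCEPTED_SUITES = {SUITE_V1, SUITE_V2}     # both valid while the upgrade is phased in


def triple_digest(data: bytes, suite=SUITE_V2) -> dict:
    """Compute every member of the suite over the same data."""
    return {"suite": suite,
            "digests": {name: hashlib.new(name, data).hexdigest() for name in suite}}


def verify(data: bytes, record: dict) -> bool:
    """Valid only if the suite is still accepted and *every* member matches.
    Requiring the full set stops anyone from stripping the strong members
    out of a record and leaving only the weak one."""
    suite = tuple(record["suite"])
    if suite not in ACCEPTED_SUITES:
        return False
    if set(record["digests"]) != set(suite):
        return False
    return all(hashlib.new(n, data).hexdigest() == d
               for n, d in record["digests"].items())


def migrate(data: bytes, record: dict, old: str, new: str) -> dict:
    """Swap one engine: replace `old` with `new`, keeping the other members.
    The old record is verified first so a tampered file is never re-blessed."""
    if not verify(data, record):
        raise ValueError("refusing to migrate a record that does not verify")
    suite = tuple(new if n == old else n for n in record["suite"])
    if suite not in ACCEPTED_SUITES:
        raise ValueError(f"{suite} is not an accepted suite")
    return triple_digest(data, suite)


if __name__ == "__main__":
    blob = b"constructed sample file contents"   # constructed sample input
    rec_v1 = triple_digest(blob, SUITE_V1)
    rec_v2 = migrate(blob, rec_v1, "md5", "sha3_256")
    print(verify(blob, rec_v1), verify(blob, rec_v2))
```

Concatenating hashes buys smooth replacement rather than much extra collision resistance: Joux showed that a concatenation is only about as collision-resistant as its strongest member. The check above therefore refuses any record that omits a member, so a weakened slot cannot be exploited by simply leaving the stronger slots out.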