[Cryptography] Secure erasure

Ralf Senderek crypto at senderek.ie
Sun Sep 11 06:00:48 EDT 2016



On Sat, 10 Sep 2016, Jerry Leichter wrote:

>  The sophisticated attacks we talk about here are *not* how hacking is done today.
>  We haven't even seen evidence of the government actors going that far.
>  There are way too many easier attacks.

Agreed.

>  If you some how manage to build really secure traditional OS's and
>  eliminate all the easy attacks, people may start doing the obscure stuff.
>  Until the attackers move there, no one will pay for the defenses.

I have difficulties following this logic. Because if you continue to keep
traditional OSes insecure, which isn't very unlikely, easy attacks remain
and no-one will want (or pay for) a secure system?

Again, this logic presumes that every crypto is being done on the insecure,
traditional OS, so that a hole in the main OS devalues everything.
Why should an ordinary user not be interested in using a separate system
with faaaaar less vulnerabilies than the OS he normaly uses?

The norm is sending unencrypted email. Why should the desire to protect
emails better (the demand) suddenly appear once we've got good traditional
OSes, something we might wait for forever?


     --ralf



More information about the cryptography mailing list