[Cryptography] Secure erasure

Henry Baker hbaker1 at pipeline.com
Tue Sep 13 18:48:07 EDT 2016


At 12:47 PM 9/13/2016, alex at alten.org wrote:
>Quoting Jerry Leichter <leichter at lrw.com>:
>>So the alternative is to look elsewhere:  Security is a *system*  
>>property, just like reliability; so as we build reliable systems  
>>from unreliable components, we need to build secure systems out of  
>>insecure components.  Though as far as we can tell, there needs to  
>>be more of a secure core to bootstrap with than a reliable core.
>
>Now that is a fabulous insight!  It really crystallizes my thought processes
>over the past few years. I was (too slowly) coming around to the fact that
>we have to build secure systems with what we have, not what we should have.

A systems property still requires proper components to operate.

I recently came across an old (~1915??) movie by the Metropolitan
Museum of Art (NYC) about medieval armor.  I believe that it's on
YouTube.

It's absolutely fascinating how many components were required and
the intricate workmanship to make this armor.  You can bet that N
people died in order to define the requirements for each component.

Of course, as the threats evolved, so did the armor.  By WWI,
people had pretty much given up on armor, so people either didn't
wear helmets, or their helmets were worthless (security theater). 
(I'm not sure how much modern helmets help today; perhaps they
only protect one's head from bouncing around the inside of a
vehicle after it's been hit by an IED; of course, that level
of protection might be available from a bicycle helmet.)

Our 1980's-style software systems are currently dying in great
numbers from their naive designs.  Hopefully, we will learn
from these experiences.
