crypto question

Pat Farrell pfarrell at pfarrell.com
Thu Mar 21 20:04:19 EST 2002


At 08:52 PM 3/20/2002 -0800, Mike Brodhead wrote:
>> The usual good solution is to make a human type in a secret.
>Of course, the downside is that the appropriate human must be present
>for the system to come up properly.  

Yes, of course, that is why I wrote:
>>The usual bad solution is to store it in a secret place, or encrypted with 
>>a key kept elsewhere (source, secret file, LDAP, etc.)

as most operations don't want to wait for a human to type something.
As long as folks understand that they can't really have security,
then it is just an engineering tradeoff.

Several folks also wrote about using an SBO approach:
>1) You are trying to distribute an obfuscated binary which
>encrypts/decrypts using a secret key, with the goal that the key resist
>reverse engineering. The usual application for this is DRM, but you can
>also use this to do "public-key encryption" from any symmetric algorithm
>(obfuscate the encryption function!).

To me, Security By Obscurity is known to be too weak to use,
and Security By Obfuscation is isomorphic to SBObscurity.
Consider the obfuscation with a strong cipher. Then all you have to
do is manage the keys.

One guiding principle of strong cryptography is that the algorithm
and source code are well known. The key is what is unknown.
Other approaches tend to approach snake oil.

The problem with the DRM model is not that the crypto won't work,
it will if the keys are managed. But I've not seen anyone willing
to work hard enough to manage the key distribution and local key
management to make it real.

None of this addresses the problem that you want to do trusted operations
on a user's PC that is inherently untrustable. For some applications,
eyewash such as smartcards provides the needed level of appearance
of security. If that fits your case, fine. And Carl Ellison has
a great patent for a software-only smartcard, it was transferred to CyberCash,
and I assume transferred to Verisign. It proves that anything
you want to do with a smartcard you can do with software in a client/server
model. Pretty cool.

Pat


Pat Farrell                     pfarrell at pfarrell.com
http://www.pfarrell.com


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com


