crypto question

Wed Mar 27 15:51:49 EST 2002

At 12:23 PM -0700 3/24/02, lynn.wheeler at firstdata.com wrote:
or just security proportional to risk ...

While a valid engineering truism, I have a number of issues with that dictum:

1.  It is too often used as an excuse for inaction by people who are 
poorly equipped to judge either risk or cost.  We've all encountered 
the "experts on tap, not on top" attitude of many managements.  There 
was a good reason the U.S. centralized all crypto in the NSA after WW 
II. Managers in organizations like the State Department simply 
ignored known security compromises.  Communications security never 
had a high priority with functional managers, so it was taken away 
from them.

2. Costs are often overstated or quoted out of context. A $1000 
coprocessor that can verify 100 keys per second ends up costing under 
a millicent per verification, even allowing a large factor for peak 
demand.  The added cost to store long keys is tiny. Good engineering 
(often the biggest cost) can be spread over many applications. Cost 
of keeping up with security patches is likely modest compared to 24/7 
watchman security for a physical location.

3. The nature of risk is very different in cyberspace. Many 
cryptographic techniques introduce single points of failure.  Bonnie 
and Clide can't rob all the banks at once, but the wily hacker might. 
It may be cheaper to employ bullet-proof solutions than to really 
understand the risks in "good enough" approaches.

4. There is also the question of risk to whom. Many businesses seem 
to assume the the government will pick up the tab for a major cyber 
terrorism incident.  If business execs can say with a straight face 
that basic accounting principals are too difficult for them to grasp, 
imagine what they will say about a massive crypto failure. So in a 
sense taxpayers and  consumers are being asked to insure some of 
these risks.  I suspect they would gladly pay the added costs 
(pennies) to apply the best available technology.

5. There is a failure to distinguish between components and systems. 
It may be true that any real world system has holes, but that is no 
reason to give up on perfecting the tools used to build these 
systems. Incorporating known weaknesses into new designs is not 
justifiable, absent a compelling, fact-based, cost/security analysis.

Arnold Reinhold

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com