Crypto Hygiene?

Steve Schear s.schear at
Fri Aug 22 02:04:10 EDT 2003

At 04:45 PM 8/11/2003 -0400, dmolnar wrote:

>(also posted to sci.crypt in modified form)
>At Usenix Security, Eric Rescorla pointed out that some of the
>cryptographic flaws we have seen can be prevented by applying good
>"crypto hygiene." My questions for the floor --
>         * What is "good hygiene" ?
>         * Where would I find it written down?
>         * How do we develop good hygiene?

The problems implementing reliable crypto seem to parallel the problems 
which plagued early digital logic design.  Although digital logic operates 
as if only zeros and ones exist, in fact the physics underlying the circuit 
components is analog.  Until technologists developed SSI, MSI and later LSI 
circuits, which pretty effectively "walled off" the analog world, engineers 
were forever chasing analog demons in their digital designs.  Now these 
problems generally appear only when circuits or their environment (e.g., 
speed, temperature and voltage) exceed design parameters.

Mark Miller's approach using "E" may be one approach for applying the 
"walling off" practiced in digital design for security.


"...for every complex problem, there is a solution that is simple, neat, 
and wrong."
-- H.L. Mencken 

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list