Crypto Hygiene?
Steve Schear
s.schear at comcast.net
Fri Aug 22 02:04:10 EDT 2003
At 04:45 PM 8/11/2003 -0400, dmolnar wrote:
>(also posted to sci.crypt in modified form)
>
>At Usenix Security, Eric Rescorla pointed out that some of the
>cryptographic flaws we have seen can be prevented by applying good
>"crypto hygiene." My questions for the floor --
>
> * What is "good hygiene" ?
> * Where would I find it written down?
> * How do we develop good hygiene?
The problems implementing reliable crypto seem to parallel the problems
which plagued early digital logic design. Although digital logic operates
as if only zeros and ones exist, in fact the physics underlying the circuit
components is analog. Until technologists developed SSI, MSI and later LSI
circuits, which pretty effectively "walled off" the analog world, engineers
were forever chasing analog demons in their digital designs. Now these
problems generally appear only when circuits or their environment (e.g.,
speed, temperature and voltage) exceed design parameters.
Mark Miller's approach using "E" may be one approach for applying the
"walling off" practiced in digital design for security.
steve
"...for every complex problem, there is a solution that is simple, neat,
and wrong."
-- H.L. Mencken
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list