Maybe It's Snake Oil All the Way Down

Eric Murray ericm at lne.com
Mon Jun 2 12:24:29 EDT 2003


On Mon, Jun 02, 2003 at 10:09:06AM -0400, Ian Grigg wrote:
> A lot of the tools and blocks are too hard to
> understand.  "Inaccessible" might be the proper
> term.  This might apply to, for example, SSL,
> and more so to IPSec.  These have a lower survival
> rate, simply because as developers look at them,
> their eyes glaze over and they move on.  I heard
> one guy say that "you can read SSH in an hour
> and understand what's going on, but not SSL."

Some who can't understand SSL won't be able to do better.
Especially since there is at least one very good book on it.


> Also, a lot of cryptosystems are put together
> by committees.  SSH was originally put together
> by one guy.  He did the lot.

The original SSH protocol had holes so large that
you could drive a truck through them.   Tatu posted
it to various lists and got lots of advice on
how to clean it up.  It still had holes that were being
found years later.

SSLv2, which was also designed by an
individual, also had major flaws.  And that was the
second cut!  I haven't seen v1, maybe Eric can
shed some light on how bad it was.

Peer review is not "design by committee".  It is
the way to get strong protocols.  When I have to roll my
own (usually because it's working in a limited environment
and I don't have a choice)
I get it reviewed.  The protocol designer usually misses
something in his own protocol.

> I'd say that conditions for Internet crypto system
> success would include:


0. USE EXISTING SECURITY PRIMITIVES

which allows you to

>   4.  Concentrate on the application, not the crypto.

Rolling your own crypto is where 95% of crypto apps fail...
the developers either take too much time on it to the detriment
of the usability because it is the sexy thing to work on, or
they write an insecure algorithm/protocol/system.    Usually
they do both!


Eric
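To illustrate Eric's point 0 (use existing security primitives and spend the effort on the application), here is an added example that is not part of the original post or thread. It authenticates application messages using only Python's standard-library primitives (hmac, hashlib, secrets) and a constant-time tag comparison; the only application-specific decisions left are the message layout and what to do on failure. All function names and the sample messages are this example's own.

```python
# Added example (not from the original post): message authentication
# built entirely from vetted standard-library primitives. The
# application code decides the framing (msg || tag); the crypto is
# HMAC-SHA256 from the stdlib, never a home-grown construction.
import hashlib
import hmac
import secrets

TAG_LEN = 32  # HMAC-SHA256 produces a 32-byte tag


def new_key() -> bytes:
    """Generate a fresh 256-bit key from the OS CSPRNG."""
    return secrets.token_bytes(32)


def tag_message(key: bytes, msg: bytes) -> bytes:
    """Return msg || HMAC-SHA256(key, msg)."""
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    return msg + mac


def open_message(key: bytes, blob: bytes):
    """Verify the trailing tag; return the message, or None on any failure."""
    if len(blob) < TAG_LEN:
        return None  # too short to even contain a tag
    msg, mac = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, msg, hashlib.sha256).digest()
    # Constant-time comparison: the check itself must not leak how many
    # leading tag bytes matched.
    if not hmac.compare_digest(mac, expected):
        return None
    return msg


def demo() -> dict:
    """Exercise the happy path and the failure modes a verifier must reject.

    Returns a dict of booleans, each True when the behaviour is as expected.
    """
    key = new_key()
    original = b"transfer 10 to alice"  # constructed sample message
    blob = tag_message(key, original)

    # Tamper with one byte of the message body.
    tampered = bytearray(blob)
    tampered[0] ^= 0x01

    return {
        "valid": open_message(key, blob) == original,
        "tampered": open_message(key, bytes(tampered)) is None,
        "wrong_key": open_message(new_key(), blob) is None,
        "truncated": open_message(key, blob[:-1]) is None,
        "too_short": open_message(key, blob[: TAG_LEN - 1]) is None,
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'ok' if ok else 'FAIL'}")
```

The point of the example is what is absent: no custom hash chaining, no hand-written comparison loop, no home-grown key derivation. Each of those is a place where a self-designed scheme typically breaks, and each is already covered by a reviewed primitive.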


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


