Cryptography as a component of security

Russell Nelson nelson at crynwr.com
Sun Nov 2 00:12:02 EST 2003


I listened to yet another talk on computer security, which
incorporated security.  It got me to thinking two things:

  o Pseudo-random implies pseudo security.

If you're re-keying by running the old key through a pseudo-random
function without adding any new entropy, then you're not re-keying at
all.

  o Security is not an absolute value.  It only makes sense as a
    relative value.

You cannot say that a system is "secure".  You can only say that it is
secure against a certain threat.  It's quite reasonable to say that
GPG using a 2048-bit key is secure against all known attacks today.
You've defined the threat ("all known attacks today") and the type of
cryptography.  Any kind of claim of "security", without defining
the expected attacks the system will withstand, is *inherently* snake
oil.

Let me say this again in the strongest possible terms: even if you are
using industry-standard cryptography (e.g. RSA, Triple-DES, AES, etc),
and yet you do not define your threat, then any claims that your
system is "secure" are claims about snake oil.

Maybe I'm preaching to the converted, but apparently you can get a PhD
and apply for funding without understanding these issues.

-- 
--My blog is at angry-economist.russnelson.com  | Can I recommend python?
Crynwr sells support for free software  | PGPok | Just a thought.
521 Pleasant Valley Rd. | +1 315 268 1925 voice | -Dr. Jamey Hicks
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | 

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
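
The re-keying point in the post above, as an added example that is not part of the original message: when the next key is a pure function of the old one, anyone who obtains one key can recompute every later key, while mixing in fresh secret entropy breaks that chain. The function names, the HMAC-SHA256 derivation and the use of os.urandom as the entropy source are assumptions made for this sketch; how two parties would agree on the fresh entropy is out of scope.

```python
import hashlib
import hmac
import os

def rekey_deterministic(old_key: bytes) -> bytes:
    """Next key is a pure function of the old key: no new entropy enters."""
    return hmac.new(old_key, b"rekey", hashlib.sha256).digest()

def rekey_with_entropy(old_key: bytes, fresh: bytes) -> bytes:
    """Next key mixes the old key with fresh secret entropy (assumed to be
    unknown to anyone who only holds an earlier key)."""
    return hmac.new(old_key, b"rekey" + fresh, hashlib.sha256).digest()

def key_schedule(k0: bytes, epochs: int, entropy_source=None) -> list:
    """Return [k0, k1, ..., k_epochs]; entropy_source(n) yields n fresh bytes."""
    keys = [k0]
    for _ in range(epochs):
        if entropy_source is None:
            keys.append(rekey_deterministic(keys[-1]))
        else:
            keys.append(rekey_with_entropy(keys[-1], entropy_source(32)))
    return keys

def keys_recoverable_after_leak(keys: list, leaked_epoch: int) -> int:
    """Count later epochs whose key can be recomputed from keys[leaked_epoch]
    alone, using only the public derivation function."""
    guess = keys[leaked_epoch]
    recovered = 0
    for actual in keys[leaked_epoch + 1:]:
        guess = rekey_deterministic(guess)
        if hmac.compare_digest(guess, actual):
            recovered += 1
    return recovered

if __name__ == "__main__":
    k0 = hashlib.sha256(b"constructed sample key, not a real secret").digest()
    chained = key_schedule(k0, 5)                # no new entropy
    refreshed = key_schedule(k0, 5, os.urandom)  # 32 fresh bytes per epoch
    # Suppose the key for epoch 2 leaks; epochs 3, 4 and 5 follow it.
    print("no new entropy:", keys_recoverable_after_leak(chained, 2), "of 3")
    print("fresh entropy: ", keys_recoverable_after_leak(refreshed, 2), "of 3")
```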


