system reliability -- Re: titles
David Honig
dahonig at cox.net
Sun Aug 29 21:06:39 EDT 2004
At 12:12 AM 8/27/04 -0700, Ed Gerck wrote:
>
>David Honig wrote:
>> "Applications can't be any more secure than their
>> operating system." -Bram Cohen
>
>That sounds cute but I believe it is incorrect. Example: error-
>correcting codes. The theory of error-correcting codes allows
>information to be coded so that it can be recovered even after
>significant corruption.
Yes. But what makes you think the implementation you are
using is not subverted?
What makes you trust your md5 (or whatever) calculator,
which is how/why you trust your downloaded code?
And, summarizing a Turing award lecture, what makes you
trust your compiler, much less "ps" or other OS monitors?
>What this means is that the search for the "perfect" operating
>system as the solution to security is backwards.
What it means is that the weakest link will break first.
Humans, generally. Also the infrastructure under your
tools, ie OS. And the tools used to build your tools,
ie compilers or interpreters.
Its not a "search for a perfect" anything; its a recognition
that trust in a system relies on trusting a great number of things;
if any one is toast, the system is toast.
Ask Niko Scarfo... used great crypto, but a $10 keylogger
got him. He might have run the most secure MULTICs around,
but the weakest link was his keyboard, and a black-bag job.
=================================================
36 Laurelwood Dr
Irvine CA 92620-1299
VOX: (714) 544-9727 (home) mnemonic: P1G JIG WRAP
ICBM: -117.7621, 33.7275
HTTP: http://68.5.216.23:81 (back up, but not 99.999% reliable)
PGP PUBLIC KEY: by arrangement
Send plain ASCII text not HTML lest ye be misquoted
------
"Don't 'sir' me, young man, you have no idea who you're dealing with"
Tommy Lee Jones, MIB
----
No, you're not 'tripping', that is an emu ---Hank R. Hill
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list