system reliability -- Re: titles

Ed Gerck egerck at
Mon Aug 30 01:17:42 EDT 2004

David Honig wrote:

> At 12:12 AM 8/27/04 -0700, Ed Gerck wrote:
>>David Honig wrote:
>>>"Applications can't be any more secure than their
>>>operating system." -Bram Cohen
>>That sounds cute but I believe it is incorrect. Example: error-
>>correcting codes. The theory of error-correcting codes allows
>>information to be coded so that it can be recovered even after
>>significant corruption. 
> Yes.  But what makes you think the implementation you are
> using is not subverted? 

If I have N independent platforms, the probability is smaller.

> What makes you trust your md5 (or whatever) calculator,
> which is how/why you trust your downloaded code? 

Ah, the word "trust". What makes you trust something cannot be
that something by itself. It needs to be provided in multiple,
as independent as possible, channels. What may make me trust an
MD5 fingerprint is the fact that the code works according to
some test vectors I define.

> And, summarizing a Turing award lecture, what makes you
> trust your compiler, much less "ps" or other OS monitors? 

That lecture needs to be understood after the word "trust" is
defined -- which, btw, the lecture never did.

>>What this means is that the search for the "perfect" operating
>>system as the solution to security is backwards.
> What it means is that the weakest link will break first.

This is true but only if the weakest link is isolated. If you have
a strand with three threads, the weakest thread will break first but
the other two threads will still hold. Increase the number of threads
to N >> 1 and the weakest thread is not really relevant any more. Of
course, the system will still fail under an excess stress, but not
because one thread (read, OS) failed.

> Humans, generally.  

Yes, humans AND data are the weakest links.

> Also the infrastructure under your
> tools, i.e. OS.  And the tools used to build your tools, 
> i.e. compilers or interpreters.

But, according to the theory of error-correcting codes, the influence
of the errors you mention can be reduced to a value as close to ZERO as
you desire.

> It's not a "search for a perfect" anything; it's a recognition
> that trust in a system relies on trusting a great number of things; 
> if any one is toast, the system is toast.  

Not if designed well. A good security system is not like a balloon
that pops with one shot.

> Ask Niko Scarfo... used great crypto, but a $10 keylogger
> got him.  He might have run the most secure MULTICs around,
> but the weakest link was his keyboard, and a black-bag job.

When the heart confutes the mind, that man's hand confutes itself.

Ed Gerck
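
The "N independent platforms" argument above, treated as a repetition code with majority voting. This is an added example, not part of the original post. The function names, the stand-in platforms and the per-platform subversion probability p are assumptions; SHA-256 stands in for the digest, and the probability formula holds only if the platforms fail independently (no shared compiler, OS image or download channel).

```python
import hashlib
from collections import Counter
from math import comb


def majority_failure_probability(n: int, p: float) -> float:
    """P(a strict majority of n independent platforms is subverted),
    where each platform is subverted with probability p."""
    need = n // 2 + 1
    return sum(comb(n, k) * p**k * (1 - p) ** (n - k) for k in range(need, n + 1))


def vote(data: bytes, platforms):
    """Ask every platform for a digest; accept only a strict-majority answer."""
    tally = Counter(platform(data) for platform in platforms)
    digest, count = tally.most_common(1)[0]
    if count * 2 <= len(platforms):
        raise ValueError("no strict majority; treat the result as untrusted")
    return digest, count


# Constructed stand-ins for independent platforms (hypothetical).
def honest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def subverted(data: bytes) -> str:
    return "0" * 64  # always reports an attacker-chosen digest


if __name__ == "__main__":
    sample = b"downloaded code"  # constructed input
    digest, agreeing = vote(sample, [honest, subverted, honest])
    print(f"accepted {digest[:16]}... with {agreeing}/3 platforms agreeing")
    for n in (1, 3, 5, 11, 21):
        print(f"N={n:2d}  P(majority subverted)={majority_failure_probability(n, 0.1):.2e}")
```

With one of two platforms subverted, `vote` raises instead of choosing a side, so an even N does not improve on N-1.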
