draft paper: "Deploying a New Hash Algorithm"
Steven M. Bellovin
smb at cs.columbia.edu
Fri Aug 5 12:04:34 EDT 2005
In message <7d752ae30508040723d2376a5 at mail.gmail.com>, Steve Furlong writes:
>> [Moderator's note: ... attackers are often cleverer than protocol
>> designers. ...
>
>Is that true? Or is it a combination of
>
>(a) a hundred attackers for every designer, and
>(b) vastly disparate rewards: continued employment and maybe some
>kudos for a designer or implementer, access to $1,000,000,000 of bank
>accounts for an attacker
>
I'd have phrased it differently than Perry did. I'd say that the
attackers are often cleverer *about security* than protocol designers,
because insecurity is their specialty. Ordinary protocol desingers are
good at designing those protocols, but they haven't been trained to
think about security. Here's how I put it in my talk at the IETF
plenary last night:
\ns{Patterns of Thought}
\item Serial number 1 of any new device is delivered to your enemy.
\item You hand your packets to your enemy for delivery.
\item Your enemy is just as smart as you are. If we haven't seen
a given class of attack yet, it's because it hasn't been necessary;
simpler attacks have worked well enough. (Besides, how do you know
if you'll actually notice it?)
\endns
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list