Strength in Complexity?

Steven M. Bellovin smb at cs.columbia.edu
Tue Jul 1 19:47:16 EDT 2008 

On Tue, 01 Jul 2008 12:12:26 -0700
Arshad Noor <arshad.noor at strongauth.com> wrote:

> The author of an article that appeared in InformationWeek this week
> (June 30, 2008) on Enterprise Key Management Infrastructure (EKMI):
> 
> http://www.informationweek.com/shared/printableArticle.jhtml?articleID=208800937
> 
> states the following:
> 
> "There are, of course, obstacles that must still be overcome by EKMI 
> proponents. For example, the proposed components are somewhat simple
> by design, which concerns some encryption purists who prefer more
> complex protocols, on the logic that they're more difficult to break
> into."
> 
> In light of the recent discussions about experts in cryptography,
> I thought I'd ask this forum to comment on the above author's
> statement: is this true?
> 
> Do cryptography experts deliberately choose complexity over simplicity
> when the latter might provide the same strength of protection?  Since
> I do not consider myself a cryptography expert, and have instinctively
> preferred simpler - but strong - technical solutions, have my
> instincts been wrong all along?  TIA.
> 
No, no one competent would deliberately opt for complexity.  However,
there's a quote I've seen attributed to Einstein to remember:
"Everything should be as simple as possible, but no simpler."
Sometimes, extra complexity is due to the need to deflect certain
attacks, such as replays and cut-and-paste.  It's quite possible that
the original, simpler design isn't resistant to some threats, either
because the designers weren't aware of them or because they felt that
they weren't credible in their environment.  Without more details than
are in the article (and I don't have the time or energy to read through
those documents), it's hard to say.  I did see one possible red flag in
the article: "the key server verifies the client request, then
encrypts, digitally signs, and escrows the key in a database".
Escrowed keys are potentially *very* dangerous, but without knowing
just what's being stored and how it's being protected, I can't say more.


		--Steve Bellovin, http://www.cs.columbia.edu/~smb

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list