The wisdom of the ill informed

Anne & Lynn Wheeler lynn at garlic.com
Mon Jun 30 12:49:11 EDT 2008 

James A. Donald wrote:
> Committees of experts regularly get cryptography wrong - consider, for 
> example the Wifi debacle.  Each wifi release contains classic and 
> infamous errors - for example WPA-Personal is subject to offline 
> dictionary attack.
>
> One would have thought that after the first disaster they would have 
> hired someone who could do it right, but as Ian long ago pointed out, 
> in "the market for silver bullets", they are unable to tell who can do 
> it right.  The only people who know who the real experts are, are the 
> real experts.   If you knew who to hire, you could do it yourself, and 
> probably should do it yourself.  So they hire expert salesmen, not 
> cryptography experts.
the other scenario was that the cryptography part was done from such a 
myopic standpoint ... that they failed to consider the end-to-end 
infrastructure.

I've repeatedly heard excuses that the cryptographers in the wifi 
debacle believed that they could only design a solution based on 
significant hardware restrictions/constraints. part of what i observed 
... by the time any of them shipped ... the hardware 
restrictions/constraints no longer existed . the other thing that i 
observed was that with relatively trivial knowledge about chips ... it 
was possible to come up with an integrated solution that incorporated 
both the necessary hardware and the necessary cryptography  ...  there 
has got to be some analogy here someplace about the blind trying to 
describe an elephant; in addition to the "point solution" analogy, 
failing to take in the overall infrastructure.

i've repeatedly claimed that we did that in the AADS chip strawman solution
http://www.garlic.com/~lynn/x959.html#aads

that including addressing all the issues that showed up in scenarios 
like with the "yes cards"
http://www.garlic.com/~lynn/subintegrity.html#yescards

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list