User interface, security, and "simplicity"
James A. Donald
jamesd at echeque.com
Sun May 4 21:46:49 EDT 2008
Thor Lancelot Simon wrote:
> And, in fact, most VPN software of any type fails this test. My concern
> is that an excessive focus on "how hard is it to set this thing up?" can
> seriously obscure the important second half of the question "and if you
> set it up in the easiest possible way, is it safe?"
If there is a wrong way to do it, the end user will do it wrong. Expert
cryptographers frequently fail to act correctly on their understanding
of cryptography. The end user has no chance - and the chances are still
not all that good even if your end user is highly qualified cryptographer.
What users comprehend, and are used to, is you that set up an account
with username and password, and an admin blesses the account with
appropriate privileges as a result of some out of band communication -
which username and password has to be secured, invisibly to the user,
against offline and phishing attacks, without requiring any thought or
vigilance by the user - see my web page for
<http://jim.com/security/how_to_do_VPNs.html> for attacks on the
password model, and defenses against those attacks.
This comes naturally to humans, for humans have long relied on
shibboleths for security against treachery by outsiders. Thus the
computer interface to our clever cryptographic algorithms must resemble
as closely as possible the ancient human reliance on shibboleths for
security.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list