[Cryptography] Old tech rulez!

[ianG]

On 23/12/13 21:34 PM, dan at geer.org wrote:
>
>   > What the recent revelations really show is that the NSA is abjectly
>   > incompetent at its real job which is making America safe. They have
>   > failed to protect the confidentiality of US government secrets.
>   > They were pwned by a 29 year old contractor.
>
> It is said that the most important legacy for an executive
> is what did not happen on their watch.  In a complexifying
> world, the list of things that did not happen (the numerator)
> becomes as inestimable as the list of things that could
> have happened (the denominator), thus reducing  conversations
> on a given legacy to the listing of anecdotes.


Yes.  The problem is that the number of risks is huge, and you have to 
accept some.  Insider threats are mitigated, but you cannot ever get 
over the fact that insiders are human and don't bend well to risk 
analysis or tech or rules.

Outsiders can never understand that.  You've gotta take some losses on 
the chin, elsewise you're in fantasy land.


> In the meantime, what do you think of the Russians going
> back to typewriters?  To be crisp, on a scale from paranoid
> fantasy (0) to unshakeable genius (100), where would you
> place the mark?


There is historical precedent on switching to old tech [0].  The Battle 
of the Bulge was a surprise attack because Adolf Hitler -- himself only, 
and not his generals -- did not trust the crypto and comms anymore.  He 
got suspicious about how many battles were going the enemy's way.

In his last roll of the dice, Hitler sent all the orders by motorcycle 
riders [1].  Total surprise.



iang



[1] Sorry, I don't have a reference.  Ob crypto:  the allies were 
reading the Enigma traffic.  Those that don't read history are doomed to 
repeat it ...

[0] as well as Hollywood precedent:  the line "Old tech rulez!" comes 
from _Mercury Rising_ a well recommended entertaining film about crypto, 
albeit based on a slightly unrealistic premise.