[Cryptography] [RNG] on RNGs, VM state, rollback, etc.

Russ Nelson nelson at crynwr.com
Sun Oct 20 16:32:27 EDT 2013


John Denker writes:
 > On 10/19/2013 09:38 PM, Russ Nelson wrote:
 > > John Denker writes:
 > 
 > <snip>
 > 
 > > Crypto without a threat model is like cookies without milk.
 > > 
 > > You're making a claim about the security of a cryptographic algorithm
 > > without specifying the threat model. You are, technically, in a state
 > > of sin. I forgive you my son. Your penance is to memorize another 30
 > > digits of pi.
 > 
 > Could we please dial back the ad_hominem nonsense?

I was trying to be funny, to dampen the pain of having your mistake
called out. That didn't work; my apologies. And you *were* wrong,
because you mentioned crypto without mentioning the threat
model. SERIOUSLY. "Crypto" is one hand clapping without a threat model
to clap against.

We *all* know that all cryptography can be cracked; it's just a matter
of resources and time. Therefore, complaining about weak cryptography
is meaningless unless you say what you're defending against, because
ultimately, ALL crypto is weak. It's only in the context of a threat
model that we can evaluate the security of cryptograhy. Pig latin is
effective against a two-year-old. Norwegian is effective against an
English speaker (as my parents well understood). ROT-26 is effective
against people who don't know how to read.

You know this. You just forgot. I was just reminding you.

 > It is kinda comical to see the one guy who actually /has/
 > discussed a range of threat models (e.g. 10/19/2013 02:21 PM)
 > patronized via sweeping value judgments with no discernible 
 > connection to any of said threat models.

Sorry, but you have to do it every time. Every one has its zero; every
electron has its hole.

Cryptography without a threat model is like cookies without milk. Keep
saying it until you have it memorized.

-- 
--my blog is at    http://blog.russnelson.com
Crynwr supports open source software
521 Pleasant Valley Rd. | +1 315-600-8815
Potsdam, NY 13676-3213  |     Sheepdog       


More information about the cryptography mailing list