[Cryptography] "Death Note" elimination for hashes

ianG iang at iang.org
Tue Oct 22 05:38:28 EDT 2013


On 22/10/13 04:13 AM, Pat Farrell wrote:
> On 10/21/13 6:06 PM, Jerry Leichter wrote:
>> Sorry, but hardly anyone will read this; most of those that do won't really
>> understand what it means; and, in general, it will just piss users off.
>> You broke the Internet for them.  All this verbiage doesn't make it any better.
>>
>> Security is important, but the fact is that if you *ask* people whether they would
>> choose to be locked out of their on-line banking accounts for some indefinite period,
>> or be able to access their account at some small risk, you'll find hardly
>> anyone who wants to be locked out.
>
> It is only important for folks on this list and a tiny percentage of the world's users.
> We learned this the hard way at CyberCash in the 90s.


There's a name I was scared of a long time ago :)

> We used RSA and DES and serious
> protocols. Paypal was convenient. Their security was a joke. CyberCash folded before
> the dot.boom. Paypal made billionaires out of its founders.


Actually, consumers want a business.  Paypal provided an element in a 
business, being settling the eBay transactions.

Yes, everything else is convenience, and security is part of 
convenience, but Paypal didn't win just because of convenience.  They 
won because they found themselves in a business, a subtlety that new 
payments providers continue to miss today.


> Which led to the security team
> coining a rule: Consumers want convenience, not security.


Kerckhoffs' 6th principle is the most important and the most forgotten:

"6. Finally, it is necessary, given the circumstances that command its 
application, that the system be easy to use, requiring neither mental 
strain nor the knowledge of a long series of rules to observe."

The penalty for breaching K6 is oblivion.



Back on topic -- yes, I agree with the criticism.  While a very 
interesting thought experiment, the idea of a death notice brings in a 
lot of complexity, which will make the system less robust.  Including at 
the business level as pointed out.  The idea that you can simply 'turn 
off' a part of a protocol and expect the resultant protocol to repair 
itself is a tough call.  Also, I'm not sure how well it will work when 
sending two megabyte messages that collide...

But it's definitely a fun thought experiment to have over beers.


iang


