[Cryptography] Security is a total system problem (was Re: Perfection versus Forward Secrecy)

Tony Arcieri bascule at gmail.com
Sat Sep 14 20:30:00 EDT 2013

On Fri, Sep 13, 2013 at 12:23 PM, Perry E. Metzger <perry at piermont.com>wrote:

> I strongly suspect that delivering them securely to the vast number
> of endpoints involved and then securing the endpoints as well would
> radically limit the usefulness. Note that it appears that even the
> NSA generally prefers to compromise endpoints rather than attack
> crypto.

Yes, even airgapping keys within an organization scales poorly (I say this
as an employee of a company that has built a high availability encryption
service around HSMs). While USB drives are certainly large enough to store
huge pads, the fact remains that OTP is only better than other systems if
we can keep the keys off the wire. This means that we need a sneakernet to
move keys around.

The payments industry in the US has done this somewhat successfully. They
do things like shipping fragments of the keys through different shipping
companies, having the recipient reassemble them at their end. Even then
it's difficult to know if they've been intercepted: you can encrypt them,
and put the drives in tamper evident bags, but at least the latter can be

Obviously the Public Key Infrastructure scales a lot better than this

Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20130914/dfdec682/attachment.html>

More information about the cryptography mailing list