[Cryptography] paranoid cryptoplumbing is a probably not defending the weakest point

Perry E. Metzger perry at piermont.com
Tue Sep 17 11:54:49 EDT 2013

On the "Paranoid Cryptoplumbing" discussion:

I'd like to note quite strongly that (with certain exceptions like
RC4) the odds of wholesale failures in ciphers seem rather small
compared to the odds of systems problems like bad random number
generators, sabotaged accelerator hardware, stolen keys, etc., and a
smart attacker goes for the points of weakness.

I'm not going to put my admin hat on and stop the discussion so long
as it remains relatively sane and technical, but for most purposes it
is probably just reinforcing a steel door in a paper wall.

(Of course, if the endpoints are trusted hardware running a formally
verified capability operating system and you still have time on your
hands, hey, why not? Of course, when I posted a long message about
modern formal verification techniques and how they're now practical,
no one bit on the hook.)

All that said, even I feel the temptation for low performance
applications to do something like Bill Frantz suggests. It is in the
nature of people in our community to like playing with such things.
Just don't take them *too* seriously please.

Perry E. Metzger		perry at piermont.com

More information about the cryptography mailing list