[Cryptography] I don't get it.

ianG iang at iang.org
Wed Apr 16 17:39:29 EDT 2014


On 16/04/2014 19:59 pm, Jerry Leichter wrote:
> On Apr 16, 2014, at 6:30 AM, ianG <iang at iang.org> wrote:
>> I'm not sure about this sudden explosion of angst that people are
>> feeling.  The Heartbleed event has been waiting for a long time.  The
>> code is very complex, the dev team is under-funded and overwhelmed, the
>> design is atrocious, the user-base is unhelpful, the apps are a lazy
>> mess, the security model is a vestigial facade and the critics have no
>> mercy.
> Come on, iang, don't hold back - tell us what you really think!  :-)


Oh, wait till you get me started on Bitcoin :)

>> Why hasn't it happened more times, is my question...  This is why I
>> track real events, because I can't believe they've been so lucky with
>> such a bad situation.  There have to be other things going on, and to
>> find them we need real science (is my guess).
> 
> Most of civilization is based on things that work by what appears to be blind luck.  There are some crazy estimates of how often airline pilots make mistakes - in the several times an hour range.  Almost all the mistakes have no effect because the systems are robust in immense numbers of ways.  Some of that is design; some of it is evolution:  Systems that aren't robust run into system-killer failures and disappear.
> 
> A look at the log files of any computer system out there will show you warnings and error messages and other kinds of flags of potential problems galore.  No one looks at them; no one cares.  The successful systems manage to proceed.  (Many, many years ago I wrote a note to RISKS contrasting the MS/DOS and Unix boot sequences.  Both had a crap-load of impossible-to-understand settings and tweaks, but one thing you could say about MS/DOS:  If you set things wrong, it always somehow managed to fall back to defaults that allowed it to boot.  In contrast, rendering a Unix system unbootable was trivial.)
> 
> Software in general is notoriously fragile.  Crypto software takes that fragility to an extreme, all the way from the algorithms themselves (though it now seems some of our standard algorithms are particularly fragile as the result of, err, enemy action) to the implementations to the procedures surrounding those implementations.
> 
> There are bits and pieces of work scattered around on the topic of "robust cryptography", but as a field of study or a well-understood group of practices, that doesn't really exist. We need it.  Badly.


Good description.  In SSL, we kind of got by in spite of bad practices.
 No such luck in Bitcoin, oh boy.  There, the results are as predicted
by the practices.  Why?  Why is it so?



iang


