[Cryptography] Vote of no confidence.

[Lodewijk andré de la porte]

You are entirely right in that security comes second to most things,
especially features.

2014-06-06 21:08 GMT+02:00 Bear <bear at sonic.net>:

> Ultimately, I believe in security.  But what I believe
> about security leaves me far from the cutting edge; my
> security environment is more like bearskins and stone
> knives, because bearskins and stone knives are simple
> enough that I can *know* they won't do something I don't
> want them to do.  Smartphones and computers simply cannot
> provide that guarantee. The parts of their security models
> that I do understand, *won't* prevent any of the things
> I don't want them to do.
>

I'm afraid that not even our chips can provide any guarantees anymore. It's
mostly (entirely?) because they have grown so complex. The question is how
to have "secure bottlenecks", behind which complexity can exist without
causing any harm.


> An iron box with a padlock on the other hand is a simple
> enough security model to understand, and does provide
> strong guarantees about what that environment won't do.
>

I don't consider my physical safety to be very high. Maybe that's a
mistake, but anyone could knock in my windows (double glass is hardly any
stronger than single glass) and break whatever physical security I have.
Breaking my computer/software stuff takes real skill. I'm not so very high
value (yet) so nobody would expose his/her capabilities hacking me.

At least, that's the general reasoning. I will have to increase my security
gradually as my getting-hacked value increases. And it really worries me. I
don't know how to increase security very far. So little of the stack is
trusted. Actually nothing in the stack is trusted. It's like getting
entropy without randomness, it just isn't there. The CPU itself, with it's
remote administration, the motherboard, with it's build-in ethernet port,
the macrokernel OS with it's binary drivers, etc, etc.

What's worse is that security is immeasurable, the cost of a loss of
security is unclear, etc. How can I justify buying something that's
obviously worse for everything except security?


> Just a musing, I guess....  the point is that the industry
> is now building security models which want to provide
> collaboration, and single sign-on, and synchronization,
> and interoperation, and 'cloud storage' and so forth -
> but in doing so simply do not and can't provide good
> reasons for trust nor solid mathematical proofs of
> how the things I don't want them to ever do have been
> rendered impossible.
>

Single sign on has the potential for being a fantastic measure for identity
and security online. The way it's done now quite the opposite is happening.
Integration of services causes security woes. Fallback upon e-mail is still
a crazy anti-account-capture-measure that's nonetheless very effective.

Your musing is heard and agreed with. In sorrow I must say that we are in
quicksand up to our noses, and most people like it down here. If we are to
get out it will be a very painfull, very long process.

And some people say snorkles will keep us perfectly happy.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140607/9395da8d/attachment.html>