[Cryptography] One third IT managers think homomorphic is already here

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sun May 4 15:16:10 EDT 2014


Stephan Neuhaus <stephan.neuhaus at tik.ee.ethz.ch> writes:
>On 2014-05-03, 09:40, Peter Gutmann wrote:
>> You're looking in the mirror here and seeing people like yourself
>> making the decisions.  They're not, they're IT managers.  They're
>> doing the crypto in the cloud, with the keys in the cloud.  After
>> all, the data's already there, so if you trust the cloud with your
>> data you can also trust it with your keys.
>
>Do you have evidence for that?  You don't have to name it, just say "yes" if
>you know of examples; I'll believe you, even though it does boggle the mind.

It shouldn't really boggle the mind, the argument "if you trust the cloud with
your data you can also trust it with your keys" is one I've heard again and
again, it may sound strange to a security geek but to an IT manager it makes
perfect sense.  They may be opposed (at least on principle) to putting
sensitive data in the cloud, but once the data is there, the keys follow
naturally.  In any case it's not much different from having your data and keys
on a dedicated machine in a data centre, it's just a bit more... cloudy.

(In addition, for empirical data on this, look at some of the studies that
have been done on extracting keys from things like EC images).

Peter.


More information about the cryptography mailing list