[Cryptography] Paranoia for a Monday Morning

Natanael natanael.l at gmail.com
Mon Oct 27 14:49:27 EDT 2014

Den 27 okt 2014 18:00 skrev "Jerry Leichter" <leichter at lrw.com>:
> We've seen increasing evidence that the NSA influenced the choice of
cryptographic standards towards designs that were extremely difficult to
get right - e.g., Dan Bernstein's claims that the standard elliptic curves
have arithmetic whose implementations need special-case paths that make
side-channel attacks much easier than they need to be.
> As I look at the world around me, however, I see few proven attacks
against fielded cryptographic implementations - but an ever-flowing stream
of attacks against another class of standardized software.  I'm talking, of
course, about browsers.  The complexity of browser standards - and of
ancillary software like Flash - has proved way beyond our capability to
program without error.  It's easy to blame Adobe or the Microsoft of old
for incompetent programming; but even the latest IE, produced under what
may be the best "secure software development chain" in the world; and
Chrome, a clean-sheet, open-source implementation by a team containing some
of the best security guys out there; continue to be found to have gaping
holes.  At some point, you have to step back and admit that the problem
doesn't lie with the developers:  They are being set up to fail, handed a
set of specifications that we simply too hard to get right.
> And that, of course, raises the question:  Accident, or enemy action?

How about "complexity" and "legacy compatibility"?

I'm cautiously optimistic for Mozilla's new engine under development
written in the memory safe language Rust. There's also one browser with
what it calls a formally verified kernel (http://goto.ucsd.edu/quark).

The web was bad enough already when the browser wars just was starting.
There was no need for any intelligence agency to fuel it. There were no
chance for defining a common well specified target. XHTML was one attempt
to create strict rules for structuring code on web pages, but browsers
moved towards being more lenient instead in parsing inputs because web
developers kept screwing up and you don't want to see the browser refuse to
even render 90% of all pages.

Maybe HTML6 will be more focused around capabilities thinking and well
defined features that can be implemented securely without breaking stuff?
We can all hope for it.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141027/29d93074/attachment.html>

More information about the cryptography mailing list