[Cryptography] new wiretap resistance in iOS 8?

Peter Fairbrother zenadsl6186 at zen.co.uk
Sun Sep 21 19:14:22 EDT 2014 

On 20/09/14 21:18, John Denker wrote:

>   There will never be perfect security.  The measure
>   of good security is that it imposes a cost on the
>   attacker, out of proportion to the cost borne by
>   the user.

Aaarrrghh, not that old bollocks again.

"Out of proportion"? - bear in mind Robert Morris's second rule: "Never 
underestimate the attention, risk, money and time that an opponent will 
put into reading traffic."

Plus remember, we don't ever really know the full resources of an 
attacker, or how effective they are.

The costs might be well out of proportion - but the attacker might still 
be willing to pay his.



Security is only good if, in practice, it resists an attacker's attempts 
to break it.

Now what might be good enough in one case might not be good enough in 
another; if for example an attacker can employ extended resources in the 
second case.


If an attacker can only employ effective extended resources in limited 
numbers, well you could say "it sucks to be the loser, but most of us 
are safe" -

- but I will not say that. I will say instead that most of us are at risk.



Nor do I subscribe to the idea that security has to have any significant 
cost to the user - modern encryption is essentially free and 
unbreakable, why can't we do the same with the rest of our systems? 
Especially software systems - the cost of distributing software is lost 
in the noise.

The reason why the security behind those systems isn't essentially free 
and unbreakable lies mostly in those who design them - they are not 
security minded. They make things which are not secure but which are 
popular and easy to use, and thus those things get used - we have to 
make those popular things secure.


The converse is that secure products have to have the same popularity 
and ease of use.

If a luser has to RTFM, it don't fukken work.


-- Peter Fairbrother

(hint re password reminder service - why does it have to be Apple who 
remembers, or doesn't remember, the password? Distributed key shares are 
old news)

More information about the cryptography mailing list