[Cryptography] Cipher death notes

Ben Laurie ben at links.org
Wed Apr 1 17:57:14 EDT 2015


On 1 April 2015 at 15:40, Lodewijk andré de la porte <l at odewijk.nl> wrote:

> 2015-04-01 20:22 GMT+09:00 ianG <iang at iang.org>:
>
>> We can imagine the WGs worrying about the security effects of that.  Can
>> someone craft a virus that turns off *all* ciphers?  If the IoT thing is 20
>> years old and switches the cooling water on a NY nuclear powerstation, is
>> it clearly more secure by eliminating its 20 year old cipher?  Does the
>> fallback to cleartext make the effect of the last cipher dropping off
>> worse?  Is letting someone hack the cipher worse or better than disabling
>> access?
>
>
> It would probably decline all communication (fail to negotiate a
> protocol), which seems fine to me.
>

So, you think declining to control a nuclear power plant because some minor
device had a security issue is fine?

Seriously?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150401/2e1e7d87/attachment.html>


More information about the cryptography mailing list