[Cryptography] Cipher death notes

[Lodewijk andré de la porte]

On Apr 2, 2015 6:57 AM, "Ben Laurie" <ben at links.org> wrote:
>
> On 1 April 2015 at 15:40, Lodewijk andré de la porte <l at odewijk.nl> wrote:
>>
>> 2015-04-01 20:22 GMT+09:00 ianG <iang at iang.org>:
>>>
>>> We can imagine the WGs worrying about the security effects of that.
Can someone craft a virus that turns off *all* ciphers?  If the IoT thing
is 20 years old and switches the cooling water on a NY nuclear
powerstation, is it clearly more secure by eliminating its 20 year old
cipher?  Does the fallback to cleartext make the effect of the last cipher
dropping off worse?  Is letting someone hack the cipher worse or better
than disabling access?
>>
>>
>> It would probably decline all communication (fail to negotiate a
protocol), which seems fine to me.
>
>
> So, you think declining to control a nuclear power plant because some
minor device had a security issue is fine?

No remote (+manual) control that's known to be insecure. Seems sane to me.

> Seriously?

Yeah! The thing probably manages itself just fine. You'd rather have anyone
(or, more people than authorized) access/control it remotely?

It's an example, ofc. But when you use a cipher you do so because you want
security. Not getting it seems like it's always a critical failure.

Is falling back to insecure better than failing fully (in some situations)?
Probably almost never. I think the nontrivial failures due to all
communication suddenly dissapearing at once (and people not having planned
for that) can and will cause problems, but having supposedly secure
communication become insecure is will cause problems more certainly.

The idea is that bad cyphers turn off ASAP without a human intervening.
Also because we know humans sometimes (often) just don't intervene.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150402/4299b029/attachment.html>