[Cryptography] Long-term security (was Re: ratcheting DH strengths over time)

Watson Ladd watsonbladd at gmail.com
Mon Dec 7 17:54:38 EST 2015

On Tue, Nov 17, 2015 at 3:34 AM, Peter Gutmann
<pgut001 at cs.auckland.ac.nz> wrote:
>  John-Mark Gurney <jmg at funkthat.com> writes:
>>Only changes your attack surface...  Most of the ones mentioned will easily
>>fall to passive listening...
> ... which means the attacker has to control a switch or router between the
> victim and device and be actively listening at the time that comms take place.
> That's a long, long way from being able to seize control of it via a random
> port scan over the Internet.

You assume that packets take an easily predictable path across the
entire Internet that isn't modifiable by attackers. This is just
wrong: BGP does weird stuff every day because of accidents.

>>Either you implement full crypto to get security, or you're vulnerable to any
>>number of attacks...
> You're still vulnerable to any number of attacks with full crypto, they're
> just different attacks.

Or you could write code that doesn't turn any bug into remote code
execution, so we've solved all of those problems. Then you have to
worry about protecting authorization keys.

Let's stop pretending these problems aren't solvable. They are.

> Crypto is not soy sauce for security [0].
> Peter.
> [0] Patrick McKenzie, Kalzumeus Software.

"Man is born free, but everywhere he is in chains".
