[Cryptography] best practices considered bad term

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sun Feb 1 09:44:42 EST 2015


ianG <iang at iang.org> writes:

>As a wider philosophical question, is it even appropriate to promote or
>accept 'best practices' in the security world?  Its presence is almost a
>complete proof that we're not doing security, we're instead participating in
>a rain dance or voodoo for purposes of avoiding security.

This is particularly the case for the "cryptography" subset of "security", for
which "best practice" seems to be synonymous with, as Linus put it, "people
wanking around with their opinions".  In something like medicine we have
evidence-based best practice, "don't discontinue your antibiotics until you've
gone through the full course".  In agriculture we have "don't overuse one type
of fungicide or you'll end up with resistant strains".

In contrast in crypto it's "Use ECC!" / "No, use RSA with an 8K key!" / "No,
use AES-GCM!" / "No, use Poly1305-AES" / "No, use ECC but only with My Pet
Curve!" / "No, use Ed25519" / "Camellia! Gost! Twofish! SEED!  LIONs and
Tigers and BEARs, oh my!", ignoring the fact that an attacker won't care what
you do since they're exploiting a buffer overflow in some ancillary support
library that you don't even know exists.

In medicine and agriculture we know from real-world experience that if you
don't follow best practice (in the use of antibiotics, fungicides, whatever),
bad things will happen.  In the crypto world if you don't follow best practice
(pick someone's at random, it doesn't make much difference) chances are
nothing will happen, and even if you do follow best practice, you'll probably
get owned anyway because crypto won't stop anyone who wants to get in (see
Shamir's Law, what I mean here is that if there's a way in then it won't
involve breaking the crypto, an extended form of which is in this slightly
NSFW poster: https://www.kiwicon.org/site_media/poster_shit.pdf).

So it's certainly a rain dance, but I wouldn't say it's for avoiding security,
it's for avoiding liability, a la "no-one ever got fired for buying IBM".

Peter.
