[Cryptography] What do we mean by Secure?
alex at alten.org
alex at alten.org
Mon Feb 9 02:08:01 EST 2015
Quoting Bill Frantz <frantz at pwpconsult.com>:
> On 2/6/15 at 3:10 PM, kentborg at borg.org (Kent Borg) wrote:
>
>> Ah, but then one would have to stop and figure out what one is
>> trying to do...damn! Can't I just ask for Wholesome Apple Pie and
>> be done?
>
> The more I hear people talk about making thing secure, the more I
> hope they will explain what they mean by secure. What I mean, in the
> broadest sense, is "Bad Things Won't Happen". Now this is a bit over
> nebulous. :-)
>
For myself security is just another engineering domain, like software
or electrical engineering. When you design a secured system you have
to have a set of assumptions/axioms (like this PRNG is good), rules of
operation (like where user revocation or policy adjudication is performed),
etc. And as with any engineering discipline you can trade off with
other engineering solutions (like storing keys in a hardware TPM versus
using password to decrypt them or versus inserting it with a CAC card).
- Alex
--
Alex Alten
alex at alten.org
More information about the cryptography
mailing list