[Cryptography] What do we mean by Secure?

Dave Horsfall dave at horsfall.org
Wed Feb 11 00:01:27 EST 2015 

On Tue, 10 Feb 2015, Jonathan Thornburg wrote:

> > I've always understood it to mean something like "you cannot prove an 
> > absence of anything."
> 
> That not true either.
> 
> For example, by looking around the (farily small) room in which I'm 
> sitting right now, I can prove the absence of adult elephants in this 
> room.

OK, for the sake of the argument (moderator(s) willing and the creek don't 
rise), prove to me the absence of an adult elephant in your room.  Please 
note that I am unable to physically verify same for myself, as I'm in 
Australia and you aren't.

I'm not being snarky or anything like that; I'm just a follower of 
"absence of evidence is not evidence of absence" in a 
Sherlocky-philosophical way, with possible quantum implications etc.

> If you want a purely computer-based example, if (on a Unix system) I 
> execute 'cat /etc/motd' and the output is unexceptional, that proves the 
> absence of any multi-megabyte-long Secret Plan for World Domination 
> stored in that file.

But has it demonstrated the lack of any NULs, or the lack of any ANSI 
escape sequences that you may not notice, or the lack of any function key 
programming which will rear up and bite you some time?

There was, a long time ago in a USENET newsgrope far away, a site that, 
when one FINGERed it, did ASCII animations; my favourite was the 
Andalusian Snail (best played at 9600 or less).

> This latter example also demonstrates that proofs generally (maybe 
> always?) assume certain axioms.  In this case, these include that my 
> shell is finding and executing the right 'cat' program, that 'cat' is 
> telling the truth about the file contents, and that xterm and the X 
> server are faithfully rendering those contents into 
> pixels-on-the-screen. In the face of a sufficiently clever rootkit 
> any/all of these assumptions might fail.

Yup.  Now, prove to me their complete absence...

It was my job, once, to do a forensic analysis on a thoroughly r00ted 
Linux box (long story).  Every tool had been trojaned, and I mean, *every* 
tool.  I took an image of the disk and examined it elsewhere on a known 
clean system, and if there wasn't a tool that wasn't trojaned in some way 
then I was yet to find it; I think it was the SSH Compensation attack.

I still have an image of that Penguin on a CD somewhere...

-- 
Dave Horsfall DTM (VK2KFU)  "Bliss is a MacBook with a FreeBSD server."
http://www.horsfall.org/spam.html (and check the home page whilst you're there)

More information about the cryptography mailing list