[Cryptography] Literature on reusing same key for AES / HMAC?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sat Nov 7 21:50:28 EST 2015


ianG <iang at iang.org> writes:

>It sort of posits that homegrown crypto causes people to act more
>dangerously, the so-called "false sense of security" ... but this isn't
>really how the world works.  In the real world, we run through the list of
>risks, do what we can to mitigate them, and then move on.  Those that we fail
>to close off, we accept.  We're at risk all the time against everything, it's
>just a set of different levels.

That "false sense of security" argument is one of the great bugbears of
security.  It's typically presented as "we can't use a less-than-perfect but
very effective security measure because it'll give people a false sense of
security" (with an implied "we'll keep using this theoretically perfect but
practically useless security measure instead").  The major real-world example
I like to use of this is browsers using TOFU/key continuity vs. using CA
certs.  TOFU isn't theoretically perfect ("it gives people a false sense of
security!"), but would make phishing vastly harder.  CA certs do virtually
nothing to prevent phishing, but in theory if they worked then they could, so
we'll keep using those rather than implementing TOFU/key continuity.

>Homegrown crypto is a far better thing than no crypto, and while it's not
>being attacked by an actual person with cryptanalytic experience, it's
>knocking hordes of scammers, script kiddies, criminal gangs and what-have-
>you.

And that's the important point with less-than-theoretically-perfect crypto, if
you can get even a 10% reduction in attacks using some not-perfect mechanism
you've made a significant dent in what the attackers can do (to put this into
perspective, there's no real empirical evidence that CA certs have any effect
at all on attackers, so 10% is a huge improvement over the current state of
the art).

Peter.
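The key-continuity mechanism Peter contrasts with CA certs, shown as an added example (not code from the original post, nor from any browser): a minimal pin store that records a host's key fingerprint on first contact and flags any later change for that host. The hostnames, the BANK_KEY_V1 / BANK_KEY_V2 / ATTACKER_KEY byte strings and the helper names (check_key_continuity, accept_new_key, demo) are constructed for illustration; the bytes stand in for the DER-encoded public key a client would pull out of the server certificate.

```python
import hashlib
import hmac
from enum import Enum

# Constructed stand-ins for DER-encoded SubjectPublicKeyInfo blobs that a
# client would extract from the server's certificate. Not real keys.
BANK_KEY_V1 = b"constructed-spki:bank.example:key-1"
BANK_KEY_V2 = b"constructed-spki:bank.example:key-2"
ATTACKER_KEY = b"constructed-spki:attacker:key-x"


class Verdict(Enum):
    PINNED = "first contact: key pinned (trust on first use)"
    MATCH = "key matches the pin recorded earlier"
    MISMATCH = "key differs from the pin: treat as hostile until verified"


def fingerprint(spki_der: bytes) -> str:
    """SHA-256 over the key bytes; this is what the pin store records."""
    return hashlib.sha256(spki_der).hexdigest()


def check_key_continuity(store: dict, host: str, spki_der: bytes) -> Verdict:
    """Key-continuity check: pin on first contact, then require the same key.

    `store` maps hostname -> hex fingerprint. It is written on first contact
    only; a mismatch never silently overwrites the existing pin.
    """
    fp = fingerprint(spki_der)
    pinned = store.get(host)
    if pinned is None:
        store[host] = fp
        return Verdict.PINNED
    if hmac.compare_digest(pinned, fp):
        return Verdict.MATCH
    return Verdict.MISMATCH


def accept_new_key(store: dict, host: str, spki_der: bytes) -> None:
    """Explicit re-pin after an out-of-band check (legitimate key rotation).

    Kept separate from the check so that an interposed server cannot cause
    a re-pin just by presenting a different key.
    """
    store[host] = fingerprint(spki_der)


def demo() -> list:
    """Walk through the cases a TOFU client sees; returns the verdict names."""
    store = {}
    verdicts = []
    # 1. First visit: nothing to compare against, so the key is pinned.
    verdicts.append(check_key_continuity(store, "bank.example", BANK_KEY_V1))
    # 2. Return visit with the same key: continuity holds.
    verdicts.append(check_key_continuity(store, "bank.example", BANK_KEY_V1))
    # 3. Same hostname, different key: an interposed server is caught, even
    #    if it presents a cert a CA would happily have issued for that name.
    verdicts.append(check_key_continuity(store, "bank.example", ATTACKER_KEY))
    # 4. The pin survives the mismatch; the store was not overwritten.
    assert store["bank.example"] == fingerprint(BANK_KEY_V1)
    # 5. Genuine rotation needs an explicit, separate decision.
    accept_new_key(store, "bank.example", BANK_KEY_V2)
    verdicts.append(check_key_continuity(store, "bank.example", BANK_KEY_V2))
    # 6. A never-seen host (for instance a look-alike name) is simply pinned:
    #    this first-contact gap is the limit of TOFU, not a failure of the check.
    verdicts.append(check_key_continuity(store, "bank-example.test", ATTACKER_KEY))
    return [v.name for v in verdicts]


if __name__ == "__main__":
    for name in demo():
        print(name)
```

Two design points matter in practice: the pin store is only written on first contact or through accept_new_key, so a changed key can never quietly replace the pin, and the comparison uses hmac.compare_digest rather than == so the check does not leak timing information about the stored fingerprint.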

