[Cryptography] Long-term security (was Re: ratcheting DH strengths over time)
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Mon Nov 16 23:16:24 EST 2015
Jerry Leichter <leichter at lrw.com> writes:
>Neither of these is relevant to a SCADA network. SCADA elements talk to
>controllers. A controller can easily keep track of a unique key per element.
>A element only needs the key to talk to its controller.
Exactly. There's a huge amount of SCADA out there with per-element symmetric
keys. Works perfectly well, for the reasons you give.
You don't even need a "high-security" algorithm for it to be good enough. For
example there's a security system that uses 16 bits of a truncated DES MAC to
protect a security perimeter. That sounds terribly insecure, except that you
need to cut and splice a MITM into a fibre-optic link in under 50ms and then
generate a new MAC forgery every 50ms for an indefinite period of time (months
or years).
Paraphrasing Bruce Schneier, security is doing what's appropriate for the
situation, not a key size in bits.
Peter.
More information about the cryptography
mailing list