[Cryptography] Long-term security (was Re: ratcheting DH strengths over time)

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Nov 18 23:55:10 EST 2015


Jerry Leichter <leichter at lrw.com> writes:

>The US DoD, which buys drugs in huge quantities, did a study a number of 
>years ago and determined that they could safely keep most drugs for twice 
>the lifetime the manufacturers claimed, saving huge amounts of money. 

Same with our government, which has to stockpile assorted drugs for
emergencies.  They carried out ageing tests on them and found that the
effectiveness after ten years of storage was typically 90% of what it was 
when the item was new.  Saved them a fortune in costs in terms of throwing 
out a warehouse full of perfectly good medication every 18-24 months or 
so.

Desperately trying to tie this back to security, it's another example of
believing what's on the label ("keep your AV up to date, don't visit
strange web sites") vs. asking practitioners what the real issues are
("use different passwords for each web site, make them random, and use
a password manager to deal with them").  Talk to a physician some time
about what the real dosages are for medication (not the max dosage on
the packages), what the real effective lifetime is, and what off-label
usages are common ("it's sold as X but it's terrible for that, everyone
uses it for Y instead even though it's not meant for that").

Peter.

