[Cryptography] Long-term security (was Re: ratcheting DH strengths over time)

Jerry Leichter leichter at lrw.com
Thu Nov 19 08:23:48 EST 2015


>> (Not to mention the blowback when a thermostat declares itself
>> "obsolete" and shuts down in the middle of a blizzard and someone
>> freezes to death.)
> 
> In the immortal words of Henny Youngman:  So don't do that then.
> 
> Let's stop the straw-man arguments already.  People have been
> solving problems like this, and indeed much harder problems, for
> a long time.... [Examples of things like airplanes and cars "done right".]
The problem is we also have plenty of examples "done wrong".  Printers being a great example.  Lest you think this is only something unsophisticated home users get hit by, there's an article out there by an owner of a printing service who suspected - and proved - that the multi-hundred-dollar toner cartridges in his multi-ten-thousand-dollar digital press were claiming to be empty (shutting down the equipment) when there was still plenty of ink in them.  In fact, they were about a third full.

Cars and their service indicators are actually interesting for a different reason:  The fancy automatic "service required" indicators have only been around for 10 years or so.  Before that, service stations or oil change stops would give you a little sticker showing you when your next service was due.  They typically used a service interval half what the manufacturers recommended.  But who reads the manual that comes with their car?  By building the recommendation into the car's interface, manufacturers pretty much eliminated this little game.  (Not that they did it out of altruism:  When you get your service interval from a sticker, you'll probably go back to whoever stuck that on your window.  If you get it from the car itself, you're probably more likely to bring it in to the dealer.)

Would anyone deliberately build a thermostat that shut down the heating system when it expired?  Certainly not.  But would the designer put much thought into what exactly happens when something they sold 10 years ago reaches its expiration date?  Nah.  Edge case, the guy has to get a new one anyway - who cares what it does.  Who can justify the extra cost to make sure there isn't some odd transition - say, if the owner tries to reset it by turning it back and forth between A/C and heat mode a couple of times - which leaves it stuck off?

Expiration because the cryptography in the device "may no longer be good" is really a dumb idea.  Sorry.  It fails in way too many ways.

Failure of cryptography is only weakly a function of time.  We have cryptographic primitives (e.g., AES) for which there is absolutely no known correlation with time.  If it fails, it will fail because of some new attack.  It's only the various public key systems where the work factor is low enough that we use key lengths today that will be too short, even with current attacks, in the reasonably foreseeable future.  And even then ... the future may arrive much faster than we expected (quantum computers).

Thus:  There is no principled way to determine the expiration date.  It will almost certainly prove to be way too early, or way too late.

With no principled way to compute an expiration date, it'll be entirely up to the device makers to pick one.  Given that long experience with consumer devices shows that *most* sales are based on initial price, "longer expiration date" is not likely to be a telling factor.  Apple sells at premium prices, but not because its buyers want devices that last longer - it's because they are (perceived to be, if you want to be a cynic) better made.  Kodak tried to sell printers whose explicit selling point was that the cartridges lasted longer and were cheaper to replace; they went nowhere.

*Maybe* you can do this for *certain kinds* of commercial equipment.  But I doubt it.  The time horizons for most commercial equipment go out many years.  (The expected life of a home furnace is 10-15 years.  The boilers in even a small commercial building will last at least 50, probably much more.  The tradeoffs are just different.)
                                                        -- Jerry




