[Cryptography] What to put in a new cryptography course
dj at deadhat.com
dj at deadhat.com
Wed Jul 6 21:17:18 EDT 2016
> On 2016-06-23 06:33, Phillip Hallam-Baker wrote:
>>
>> Some of the points I am planning to make are: [...]
>>
>> * Complexity is the enemy of security.
>
> Depending on what you mean by that, the evidence for this is pretty thin.
>
I know that when I make that assertion, I mean that the argument you can
make for the security of the system is simple enough to be comprehended
and analyzed.
It may be in the context of a complex thing, but it's good to be able to
point to a simple set of states and interactions that are orthogonal to
the state and operation of the rest of the system and show how those
engender some security property.
It can't be taken too literally. For example side channel and fault
injection mitigation mechanisms often involve layering multiple defenses
so that all have to be broken simultaneously. This is rarely completely
simple, but then it's rarely super complicated either.
More information about the cryptography
mailing list