[Cryptography] What to put in a new cryptography course
Peter Fairbrother
peter at m-o-o-t.org
Thu Jul 7 06:36:20 EDT 2016
On 07/07/16 03:47, Ron Garret wrote:
>
> On Jul 6, 2016, at 9:47 AM, Stephan Neuhaus <stephan.neuhaus at zhaw.ch> wrote:
>
>> On 2016-06-23 06:33, Phillip Hallam-Baker wrote:
>>>
>>> Some of the points I am planning to make are: [...]
>>>
>>> * Complexity is the enemy of security.
>>
>> Depending on what you mean by that, the evidence for this is pretty thin.
>
> The evidence may be thin, but the argument seems compelling to me: the more complex a system is, the more possible places there are for vulnerabilities to hide.
Yep. Just restating that, 5th Principle: A more complex system has more
places to attack.
Set against this, simple systems can develop brittleness where one flaw
brings the whole house down, which can be especially devastating where
the system is widespread or monoculturous.
Belt-and-braces defence in depth can decrease brittleness, but to be
effective, each layer must be individually capable of defending the system.
At which point, people say "you don't need layer 2, layer 1 can do the
job all by itself"...
Which ignores the benefits of defense-in-depth, and breaks the 9th
principle: Plan for future threats.
-- Peter Fairbrother
More information about the cryptography
mailing list