[Cryptography] The Laws (was the principles) of secure information systems design

Dave Howe davehowe.pentesting at gmail.com
Fri Jul 15 04:46:34 EDT 2016


On 14/07/2016 18:13, Bob Wilson wrote:
>> Law 2: If it isn't stored it can't be stolen
> Sounds "obviously" true, but as a mathematician I know that when I say
> something is "obvious" other mathematicians will take it to mean I
> need it to be true but I can't remember how to prove it. (There are
> lots of mathematicians' jokes that amount to definitions of "obvious"...)
> In this case it may well be true, but that depends on the whole
> collection that has been stored. You can choose to omit some fact but
> at the same time leave in other things that imply part or all of that
> fact. It is hard to be sure that something is not implicit without a
> process equivalent to formal verification. So "If it isn't stored"
> covers a lot more than it appears to.
I would go with "It can only be stolen while you still have it" :D

