[Cryptography] protecting information ... was: we need to protect our dox

Bill Frantz frantz at pwpconsult.com
Thu Nov 10 01:11:58 EST 2016


On 11/9/16 at 4:28 PM, ron at flownet.com (Ron Garret) wrote:

>On Nov 9, 2016, at 1:41 PM, John Denker <jsd at av8n.com> wrote:
>
>>As part of asking
>>What's Your Threat Model (WYTM)?
>>we need to ask
>>What's Your Security Perimeter (WYSP)?
>
>This really needs to be emphasized.  I meet people all the time 
>who ask me if I can build them a magic USB dongle that they can 
>plug in to their computer and somehow make it magically 
>secure.  I have to explain to them that the very fact that they 
>are asking this question -- that this possibility is part of 
>their world view -- is a big part of the problem.  Most of them 
>don’t like hearing that.

Since I think of threat model as, "What is trying to attack me 
and how is it attacking?", I would add, "What do you mean by secure?"

Sometimes you need data secrecy, but don't have any actions to 
authorize and sometimes you need strong authorization, but don't 
need secrecy.

Cheers - Bill
---------------------------------------------------------------------------
Bill Frantz        | Re: Computer reliability, performance, and security:
408-356-8506       | The guy who *is* wearing a parachute is *not* the
www.pwpconsult.com | first to reach the ground.  - Terence Kelly


