[Cryptography] Secure erasure
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Sun Sep 11 05:50:33 EDT 2016
Jerry Leichter <leichter at lrw.com> writes:
>Frankly ... I don't see it happening. The demand is simply not there. The
>sophisticated attacks we talk about here are *not* how hacking is done today.
>We haven't even seen evidence of the government actors going that far. There
>are way too many easier attacks.
Thus the two quotes at the start of my IoT crypto post (to another list)
recently:
The problem we have is not how to get stronger crypto in place, it's how to
get more crypto in place.
-- Ian Grigg, 28 August 2016.
... and to raise the level of security of the rest of the system so that
attackers are actually forced to target the crypto rather than just
strolling around it.
-- Peter Gutmann, in corollary.
(the latter was just a re-stating in the context of Ian's quote of Shamir's
Law that crypto is bypassed, not attacked).
Which leads to a further corollary that anything more than maybe single DES
when your opponent is anything other than a nation-state is probably a waste
of time because there's always an easier way in.
Peter.
More information about the cryptography
mailing list