[Cryptography] Secure erasure

Watson Ladd watsonbladd at gmail.com
Mon Sep 12 18:48:31 EDT 2016


On Sun, Sep 11, 2016 at 6:32 PM, <alex at alten.org> wrote:
> Quoting Peter Gutmann <pgut001 at cs.auckland.ac.nz>:
>>
>> Jerry Leichter <leichter at lrw.com> writes:
>>
>>> Frankly ... I don't see it happening. The demand is simply not there.
>>> The
>>> sophisticated attacks we talk about here are *not* how hacking is done
>>> today.
>>> We haven't even seen evidence of the government actors going that far.
>>> There
>>> are way too many easier attacks.
>>
>>
> ..
>>
>> (the latter was just a re-stating in the context of Ian's quote of
>> Shamir's
>> Law that crypto is bypassed, not attacked).
>>
>
> This is so true. After having spent several years with (legal)
> cyber-hacking
> teams, I almost don't care about crypto anymore.
>
> I'm far more worried about securing application code and OS kernel code as
> much as possible without any real support in hardware or a real reference
> monitor (for the latter case except possibly the more recent iOS/iPhone).
>
> To me the question is how to better secure the app tool chain processes
> effectively to reduce attack surfaces (like ASLR compiler flags, stack
> canaries, usage of more secure Clib calls, etc.), to (methodically)
> re-engineer kernels (and maybe silicon) to also reduce their attack
> surfaces.
>
> And to have good monitoring and analysis tools (Netflix's FIDO comes to
> mind)
> without overwhelming that person with false positives or huge amounts of
> data (like using topographical data analysis, e.g. the Python Mapper open
> source).

If only there was a widely used embedded language designed by the DoD with
built-in bounds checks, widespread compiler support on different
architectures, and in GCC.

Maybe it's even named after a woman.

>
> - Alex
>
>
>
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography

-- 
"Man is born free, but everywhere he is in chains".
--Rousseau.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160912/231b76b5/attachment.html>


More information about the cryptography mailing list