[Cryptography] Crypto best practices
Ralf Senderek
crypto at senderek.ie
Sun Mar 19 04:54:47 EDT 2017
On Sun, 19 Mar 2017, Peter Gutmann wrote:
> I'm willing to trade off a little bit of security in exchange for robustness,
> because my code has to work in harsh environments and I can't afford to have
> the first woodpecker that comes along destroy civilisation. So my "required
> behaviour" is "as secure as possible provided it doesn't compromise
> robustness", which seems to be rather different from many people's "the
> underlying hardware and software and developers work flawlessly, make it as
> theoretically perfect as you can assuming completely error-free
> functionality".
Looking at the system as a whole, robustness is a vital part of security.
It's of no use to have a system that's pretty secure in sunshine and light
winds, but falls apart at the first attempt to use it "creatively".
Building secure systems is what Ross Anderson called "programming Satan's
computer" decades ago:
https://www.cl.cam.ac.uk/~rja14/Papers/satan.pdf
And if Satan demands the use of a certain proprietary OS, I'd rather
give up than fool people into thinking they can get a robust and
secure system.
Because of the fact that we have to deal with the complexity of systems
it is of vital importance that we reduce it.
--ralf
More information about the cryptography
mailing list