[Cryptography] But it's encrypted so it must be OK
Ray Dillinger
bear at sonic.net
Fri Oct 27 21:39:33 EDT 2023
On 10/26/23 22:28, Peter Gutmann wrote:
> For those who can't read AlgorithmIdentifiers, that's 40-bit RC2, circa 1987.
> Being used today, in financial EDI.
>
> I suggested they just ignore the RSA part and brute-force the 40-bit key on
> each message.
Yet another example of putting the "Backward" in backward
compatibility. >:-(
"It was secure forty years ago, so it must still be working" is a normal
thing to think. That's how mature security technologies like steel
locks work. But cryptography isn't a mature technology. It's closer to
being a mature technology than it was in 1987, but we still value
immediate performance more than we value security that will last the way
a steel lock lasts. So computer capabilities continue to advance and
invalidate the stuff we worked on five or ten or twenty years ago, and
continues to blindside normal people who WILL ALWAYS think cryptography
works like a normal security product - that if it's secure then it stays
secure.
The "continues to work" assumption is the way normal people think.
Cryptography doesn't actually fail in a way that alerts them to the fact
that it's not working any more, unless someone has already stolen all
their money.
This is the awe-inspiring responsibility of being on any standards
committee, folks. Whether you consider it a reasonable thing to expect
or not, anything you standardize will be used and expected to be secure
for the rest of your natural life and most of your children's, because
that's the way normal people think about normal security products. If
that expectation is false, you can't explain the limitations in a way
that anyone who's not a pro will ever remember to even think about.
Anything with limitations that would need to be explained, shouldn't be
standardized.
Bear
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20231027/9560daa8/attachment.htm>
More information about the cryptography
mailing list