[Cryptography] How to De-Bollocks Cryptography?
Ralf Senderek
crypto at senderek.ie
Thu Aug 8 12:45:59 EDT 2024
On Wed, 7 Aug 2024, Jon Callas wrote:
> The problem with the Einstein quote is one that he knew himself as he said it
> -- it's a wry aphorism that has no actionable advice.
Of course it's actionable advice! We are talking about the *and no simpler* bit.
Whenever you apply this principle to a task, you'd have to find the distinction
between necessary (and sufficient) complexity and complexity that reduces security.
This distinction is different for everything you try to achieve. But nevertheless
it is a clear direction.
[...]
> One of Norman's other major points is that the systems we build must mirror the
> complexity and richness (richness, remember, is complexity we like) of the world.
> If the world is complex, a simple solution will end up being complexly bent
> to work within it.
Things like TLS have not been designed to mirror complexity of the world.
These are artificial constructs which we use to create ways of doing new
things. And if we want to do that securely, unnecessary complexity has to go.
-ralf