[Cryptography] When your security is too secure
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Sun Nov 23 20:40:02 EST 2025
Jon Callas <jon at callas.org> writes:
>There's a classic model of security: confidentiality, integrity, and
>availability. Hahahaha, CIA, get it, CIA! As I get older and more
>experienced, the more I think that A is more important than C or I.
And I in turn is more important than C: If we had proper I for things like
financial transactions and in fact anything involving authorisation we
wouldn't need the C at all. The only reason a lot of C is used is to protect
things like 16-digit numbers and plaintext passwords that substitute for a
proper authorisation mechanism.
Peter.
More information about the cryptography
mailing list