[Cryptography] Quillon Graph
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Thu Jan 15 08:55:45 EST 2026
Peter Fairbrother <peter at tsto.co.uk> writes:
>The laws of secure system design:
>
>[...]
>
>1 Someone else is after the stuff you have
Your mum may love you but everyone else really isn't that interested in you.
You may be unlucky enough to get caught up in someone's driftnet, but that's
about it.
>3 Everywhere can be attacked
Unless it's on the public Internet, people won't even know it exists, let
alone try and attack it.
>9 Security is a Boolean
Security is a floating-point value. Most of the time all you need to be is
just good enough.
Also:
11. "Don't be a target" is the best security measure you have.
(Rule 11 ties in to all the other variations above. If you can't comply with
11, i.e. your threat model is James Mickens "Mossad doing Mossad things to
you" then you're going to get compromised no matter what you do).
Peter.
More information about the cryptography
mailing list