[cryptography] philosophical question about strengths and attacks at impossible levels

Jon Callas jon at callas.org
Fri Nov 19 18:46:44 EST 2010


> 
> Does the fact that parts of Stuxnet was signed by two valid certs
> count as a cryptographic failure?
> 

Of course not. Does it count as a DMV failure if a bank robber has a valid drivers license?

None of us have ever claimed that only good people can use cryptography. As a matter of fact, you'll find that most of us have criticized the assumption that a valid signature means truth, beauty, morality, or anything beyond a mathematical formula returning a 1. 

You cannot produce trust with cryptography, no matter how much cryptography you use. 

Jon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20101119/96e51c72/attachment.html>


More information about the cryptography mailing list