[cryptography] philosophical question about strengths and attacks at impossible levels

travis+ml-rbcryptography at subspacefield.org
Tue Nov 23 17:31:25 EST 2010


On Sat, Nov 20, 2010 at 01:10:53PM +1000, James A. Donald wrote:
> Ian G wrote:
>> The result of 15-20 years is that nobody has ever lost money because of
>> a cryptographic failure, to a high degree of reliability.
>
> How about all the money lost because Wifi security does not work?

How about accounts broken into because of:
LANMAN password hashing?
Non-salted (or iterated, or memory-hard) password hashes?
Cost of replacing DES?

In general I agree with Ian, and think that crypto designers have been
working on crypto algorithms because they're clearly defined,
algorithmic and/or math.  Hammer meets nail.

Crypto designers probably do worse with business processes, usability,
economics, and issues of scale, because that's not what they're
trained in.  So no surprise what happens there.

I think Denning made a similar observation after working on database
security; that attackers didn't attack in the ways you thoughtfully
defined for them, they flow around your strong defenses like water.

However, given that (e.g.) network crypto was designed to deal with
the "sniffer on a core router" attack (no reference, sorry, think it
was mid-90s), I think the fact that we haven't seen too many of these
stories any more suggests that the solution worked, not that the
solution was misguided in some way.

IMHO, having attackers move to other systems (or attack parts of a
system you designed), is a sign of success, not failure.  If you
designed that system (or part), that's the best possible outcome.

A few parting thoughts.

The vast majority of government equipment is COTS; economics of scale
enforce this.

Absence of evidence is not evidence of absence.

Not everything that can be counted counts, and not everything that
counts can be counted.

As measured in Internet time, an installed base's half-life is
forever.

Successful systems tend to be evolutionary rather than revolutionary
when there's a non-trivial ecosystem around them.

A successful system is used in ways its designers never imagined.

Resistance to an unforeseen class of attack is basically chance.

Is doing more of what you're already good at necessarily a bad
strategy?
-- 
Good code works on most inputs; correct code works on all inputs.
My emails do not have attachments; it's a digital signature that your mail
program doesn't understand. | http://www.subspacefield.org/~travis/ 
If you are a spammer, please email john at subspacefield.org to get blacklisted.