[cryptography] preventing protocol failings

James A. Donald jamesd at echeque.com
Tue Jul 12 20:42:41 EDT 2011


On 2011-07-13 9:25 AM, Marsh Ray wrote:
> Everyone here knows about the inherent security-functionality tradeoff.
> I think it's such a law of nature that any control must present at least
> some cost to the legitimate user in order to provide any effective
> security.

Extremely low cost security is feasible - indeed high cost security is
insecure, since users can be socially engineered to bypass it.

See for example "not one click for security"

http://www.google.com.au/search?q=%22not+one+click+for+security%22

Not one click for security is achievable, but a little ambitious.  One
click security is, however, reasonable and readily achievable.

There is nothing inherently difficult about one click security - what is 
difficult is interfacing one click security with existing insecure 
protocols.



