[cryptography] Math corrections [was: Let's go back to the beginning on this]

Arshad Noor arshad.noor at strongauth.com
Sun Sep 18 00:59:01 EDT 2011


On 09/17/2011 09:14 PM, Chris Palmer wrote:
>
> Thus, having more signers or longer certificate chains does not reduce the probability of failure; it gives attackers more chances to score a hit with (our agreed-upon hypothetical) 0.01 probability. After just 100 chances, an attacker is all but certain to score a hit.

Agreed.  But, that is just a consequence of the numbers involved.

The real problem, however, is not the number of signers or the length
of the cert-chain; its the quality of the "certificate manufacturing"
process.

Arshad Noor
StrongAuth, Inc.



More information about the cryptography mailing list