[cryptography] Compositing Ciphers?
iang at iang.org
Sat Sep 7 02:01:27 EDT 2013
On 7/09/13 04:24 AM, Nico Williams wrote:
> On Fri, Sep 6, 2013 at 8:05 PM, Jeffrey Walton <noloader at gmail.com> wrote:
>> I'm more worried about key exchange or agreement.

At a technical level, key exchange/agreement has probably the biggest
impact on the overall architecture of the cryptographic solution. It's
not bolt-on or black box, whereas most all the rest is. That's because
it is (a) hard to make easy on the user and therefore (b) has to really
get inside the users' business model to be as easy as possible.

That's why I say to avoid public key cryptography like the plague. Not
to eliminate it but to concentrate the mind on searching for the minimal
method. Schneier recently said the same thing with "prefer symmetric

> The list of things to get right is long.
> The hardest is getting the
> implementation right -- don't do all that work just to succumb to a
> remotely exploitable buffer overflow. Next up is physical security.
> Then key management. Then all the crypto stuff (ciphers, modes, MACs,
> hash functions, ...). Then the RNG.... That's assuming off-the-shelf
> crypto algorithms.
> And then there's your trusted insiders/counterparties. They are your
> biggest risk of all, or possibly second biggest, after plain old
> buffer overflows and similar.

In my experience partners/insiders are by far bigger risks. Every day
they make decisions and cause events that make the business go well or
badly. Rarely does the crypto have that effect.

Perhaps the issue here is that we as techies would rather not deal with
those effects and rather get back to happy technical issues such as
buffer overflows, RNGs, etc... An easy technical solution seems so
comforting that we tend to exaggerate the relevance.