[cryptography] Compositing Ciphers?

ianG iang at iang.org
Sat Sep 7 02:01:27 EDT 2013

On 7/09/13 04:24 AM, Nico Williams wrote:
> On Fri, Sep 6, 2013 at 8:05 PM, Jeffrey Walton <noloader at gmail.com> wrote:
>> I'm more worried about key exchange or agreement.

At a technical level, key exchange/agreement has probably the biggest 
impact on the overall architecture of the cryptographic solution.  It's 
not bolt-on or black box, whereas most all the rest is.  That's because 
it is (a) hard to make easy on the user and therefore (b) has to really 
get inside the users' business model to be as easy as possible.

That's why I say to avoid public key cryptography like the plague.  Not 
to eliminate it but to concentrate the mind on searching for the minimal 
method.  Schneier recently said the same thing with "prefer symmetric 
over asymmetric."

> The list of things to get right is long.


> The hardest is getting the
> implementation right -- don't do all that work just to succumb to a
> remotely exploitable buffer overflow.  Next up is physical security.
> Then key management.  Then all the crypto stuff (ciphers, modes, MACs,
> hash functions, ...).  Then the RNG....  That's assuming off-the-shelf
> crypto algorithms.
> And then there's your trusted insiders/counterparties.  They are your
> biggest risk of all, or possibly second biggest, after plain old
> buffer overflows and similar.

In my experience partners/insiders are by far bigger risks.  Every day 
they make decisions and cause events that make the business go well or 
badly.  Rarely does the crypto have that effect.

Perhaps the issue here is that we as techies would rather not deal with 
those effects and rather get back to happy technical issues such as 
buffer overflows, RNGs, etc...  An easy technical solution seems so 
comforting that we tend to exaggerate the relevance.
