[cryptography] caring requires data

ianG iang at iang.org
Mon Oct 13 09:48:24 EDT 2014

On 13/10/2014 14:32 pm, coderman wrote:
> On 10/13/14, ianG <iang at iang.org> wrote:
>> ...
>> No, and I argue that nobody should care about MITM nor downgrade attacks
>> nor any other theoretical laboratory thing.  I also argue that people
>> shouldn't worry about shark attacks, lightning or wearing body armour
>> when shopping.
>> ...
>> What distinguishes what we should care about and what we shouldn't is
>> data.  And analysis of that data.
> indeed. thanks for showing me the light, ian!

you're welcome ;-)

> Q: 'Should I disable Dual_EC_DRBG?'
> A: "The data shows zero risk of an attacker compromising the known
> vulnerability of a specially seeded random number generator. Do not
> change; keep using Dual_EC_DRBG!"

Ah well, there is another rule we should always remember:

     Do not use known-crap crypto.

Dual_EC_DRBG is an example of a crap RNG.  For which we have data going
back to 2006 showing it is a bad design.

Others in this category include:  RC4, DES, MD5, various wifi junk
protocols, etc.

> Q: 'Should I switch away from 1024 bit strength RSA keys?'
> A: "The data shows zero risk of an attacker compromising the known
> vulnerability of an insufficiently large RSA key as the cost is
> prohibitive and no publicly demonstrated device exists. Do not change
> to larger keys; keep using 1024 bit RSA!"

I agree with that, and I'm on record for it in the print media.  I am
not part of the NIST lemmings craze.

So, assuming you think I'm crazy, let's postulate that the NSA has a box
that can crunch a 1024 key in a day.  What's the risk?

Over a year, the risk to *you* is that one of your keys is in the top
365 keys targeted to attack, over this coming year.

Is that likely?  If it is ... well, my advice is not for you, you're
another sort of person altogether ;-)

WYTM?  The world that is concerned about the NSA is terrified of open
surveillance.  RSA1024 kills open surveillance dead.

> Q: 'Should I worry about the auto-update behavior of my devices or computers?'
> A: "The data shows minimal risk of an attacker compromising your
> systems via this method. Don't bother changing your vulnerable auto
> update any where any time any how; you're probably safe!"

Actually, I thought there was data on this which shows that auto-update
keeps devices more secure and they suffer fewer problems.  I think Microsoft have
published on this, anyone care to comment?

> it's all so easy now... :)

:) iang
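The "do not use known-crap crypto" rule above, turned into a configuration check. This is an added example for this thread, not code from the post or its author: the configuration dictionary layout and the field names (`rng`, `cipher_suites`, `rsa_key_bits`) are assumptions made for the example, the denylist entries are the algorithms named in the message, and the RSA-1024 entry is reported as a threat-model note rather than a rejection, following the position taken in the post.

```python
"""Lint a crypto configuration against the message's 'known-crap' list.

Added example (not from the original post). The config format and field
names are assumptions for this example; the denylist entries are the
algorithms the message names as known-bad.
"""
from dataclasses import dataclass

# Algorithms the message names as known-bad, with the reason it gives.
KNOWN_BAD = {
    "DUAL_EC_DRBG": "RNG with a known bad design (data going back to 2006)",
    "RC4": "broken stream cipher",
    "DES": "56-bit block cipher, brute-forceable",
    "MD5": "broken hash",
}


@dataclass(frozen=True)
class Finding:
    severity: str  # "reject" for known-crap crypto, "note" for threat-model dependent
    item: str
    reason: str


def cipher_components(suite: str) -> set[str]:
    """Split an OpenSSL-style suite name (e.g. ECDHE-RSA-AES128-SHA) into tokens."""
    tokens = set(suite.upper().split("-"))
    # OpenSSL names triple DES 'DES-CBC3'; the message lists single DES only,
    # so the 'DES' token of a 3DES suite must not trigger the DES entry.
    if "CBC3" in tokens:
        tokens.discard("DES")
    return tokens


def audit(config: dict) -> list[Finding]:
    """Return findings for a config dict (assumed layout, see module docstring)."""
    findings: list[Finding] = []

    rng = config.get("rng", "").upper()
    if rng in KNOWN_BAD:
        findings.append(Finding("reject", f"rng:{rng}", KNOWN_BAD[rng]))

    for suite in config.get("cipher_suites", []):
        for token in sorted(cipher_components(suite) & set(KNOWN_BAD)):
            findings.append(Finding("reject", f"cipher:{suite}", KNOWN_BAD[token]))

    bits = config.get("rsa_key_bits")
    if bits is not None and bits <= 1024:
        # The message's position: RSA-1024 is fine against open (dragnet)
        # surveillance, but not for someone who expects to be a targeted key.
        findings.append(Finding(
            "note", f"rsa:{bits}",
            "acceptable against open surveillance only; use larger keys "
            "if you expect to be among the targeted few",
        ))
    return findings


# Constructed sample configuration for the example (not from the post).
SAMPLE_CONFIG = {
    "rng": "Dual_EC_DRBG",
    "cipher_suites": [
        "ECDHE-RSA-AES128-GCM-SHA256",  # clean
        "RC4-MD5",                      # two known-bad components
        "DES-CBC-SHA",                  # single DES
        "DES-CBC3-SHA",                 # triple DES, not on the message's list
    ],
    "rsa_key_bits": 1024,
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(f"[{finding.severity}] {finding.item}: {finding.reason}")
```

Running it against the constructed sample reports four rejections (the RNG, RC4, MD5 and single DES) and one note for the 1024-bit RSA key; the 3DES suite passes because the message names DES, not 3DES.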
