Comments: Hubristic Cryptography

Things that are broken and thrown away if we examine the scrap heap of concepts we may learn to make a new what was once junk. Although society does not reward the non-pop star the rebuilder. So if one where to make the crypto thong and splash it with a bit of glitter the old PKI could have another run in a smaller venue since altering its aspects for private use might prove of some value. Of course this is not science but an excercise in critical review. When you tier the readers of this paper into groups you are touching on the real reason for unsecure systems, the systems are designed for general use and the levels of understanding trickle down not up. Academic review in isolation is meaningless to few understand enough to contribute.

Posted by Jimbo at July 18, 2004 05:09 AM

Correct me if I'm wrong here; however, it seems that the process of making crypto provably secure often produces discussions and development that drops into a black hole, instead of discussions that lead to reasonable improvement. To me, crypto is simply a form of security. Other forms of security (that come to my mind) do not obsess with perfection.

For example, if one were to analyze physical security for a building, one would not first obsess with a model for creating a building that is perfectly secure. Even if one were to abstract that discussion to a model for physical security for all buildings, I doubt that we would start by building a model for the perfectly secure building.

Extending on this thought, fire protection is an element of physical security. Analysis of fire protection for a specific building proceeds from a perspective of assessing the risk, measuring potential responses by cost-benefit analysis, and then implementing protection. It sounds cruel to consider that builders do not build in every form of fire prevention possible; however, this is the case.

We live safely in buildings lacking every known means of fire protection for several reasons. First, are implementation issues. Improving fire security causes increasing costs that produce decreasing returns in terms of protection. Second, we recognize that *any* building can burn. It would be pointless to try to achieve perfection, and so, we build buildings that are less than perfect in terms of fire security. Lastly, the accepted risks are (if we look for them) clearly stated. For example a building made of wood is less likely to burn than one made of steel.

On the other hand, in the world of information technology, analysis too often proceeds from a misguided pursuit of perfection -- with neither an anysis of the costs nor a consideration of implementation effects. For example, a consulting firm does a security audit on a company. Weak passwords are identified as a problem. Management decides to require random 8 character passwords. Problem solved! Well, not exactly, henceforth in that company all monitors will be adorned with Post It notes containing passwords.

Obsession with perfection produces stagnation. I believe that if fire protection were addressed in the same manner that IT security is, we'd all be living in and working in fire traps while we waited for an oracle to offer us a perfect means for preventing building fires.

The focus in other security fields is one of improvement and risk analysis, instead of one of perfection. In my opinion, we could learn from how security is succesfully applied in other arenas.

Posted by Will at July 18, 2004 01:35 PM
MT::App::Comments=HASH(0x5584affd5ec8) Subroutine MT::Blog::SUPER::site_url redefined at /home/iang/www/fc/cgi-bin/mt/lib/MT/ line 125.