On Thu, 16 Nov 2000, John Young wrote:
> Still, is there no alternative to giving government and corporations first, if not exclusive, choice on the best products and services,
Not if you plan to make a legal profit, there isn't. After all, government and corporations are the people with the money.
> Now, none of this applies to Bruce's evolving computer security body of work, which is most impressive. It's just not clear what will evolve as Counterpane takes more of his time and effort.
Which mostly consists of pointing out flaws and problems with things other than the encryption/decryption algorithms in use. Bits of it are definitely worth a read between auditing routines in your code. (Oh yeah, I have 64 bits of key in this local variable, and I'm exiting the routine: better remember to write over them so whatever grabs the memory next can't read them.... and while I'm at it, I better declare that 'volatile' so the system can't swap it to disk...) This stuff is why you can't just plug libraries together and have a good crypto product; a 'math library' made for crypto has to do fundamental things to prevent other applications getting their hands on 'numbers' that a math library for general application does not have to do. Ditto a windowing or GUI system made for crypto, etc. All these slap-together GUI programs made with MFC etc. that we're seeing are a completely wrong approach for cryptographic software; you can't make that stuff secure, you have to write your own. And this is what Schneier has been pointing out. And thank goodness somebody's been pointing it out.
> Cybercrime begins with criminalizing digital information, that is, to regulate who gets access to private secrets, who runs the protection rackets: "don't trust your computer" is the next step after "don't trust the Internet." Confidence in both requires the assurance services of who? Ah yes, I see.
But for Homer Husband and Harriet Housewife, this is a valid point. We can download source, audit it, compile it, and then audit the crucial bits of binary to make sure nothing funny is going on with our compilers. We, as technogeeks and cryptogeeks, can set up our own trusted machines. But Homer and Harriet can't count to eleven without someone lending them a hand, and without training and dedication, there is no way in hell that they can hold enough stuff in their heads to set up a trusted machine on their own - thus "trust" will always be a leap of faith. However, even with a "machine trust" issue in the way, I don't see that digital signatures are *less* secure than the types of signatures now accepted in court. After all, signature forgery on paper documents is not unknown or impossible either, and the "Digital signature act" earlier this year allows unencrypted (!) HTTP requests received via the internet to be held as signatures in court. There is a fundamental schism here between the "identity is meat" school of thought in which our legal system is based and the "identity is bits" school of thought manifested in digital signature protocols. But that's a more fundamental idea, and I want to address it in a different post.

Bear
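The memory-hygiene point raised in the reply above (64 bits of key sitting in a local variable, to be overwritten before the routine returns) as a worked C example. This is added here and is not code from the thread, from Schneier, or from Counterpane; the XOR transform, the function names secure_zero, is_all_zero, transform_and_wipe and self_check, and the sample key and message are all constructed for illustration. The example shows why a plain memset before return is not sufficient on its own (the compiler may treat stores to a buffer that is never read again as dead and drop them) and uses volatile stores so the wipe is actually emitted. Keeping the page out of swap is a separate mechanism (mlock-style calls) and is not covered here.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define KEY_LEN 8   /* 64 bits of key, as in the message above */

/* Overwrite a buffer in a way the optimizer is not allowed to drop.
   A plain memset() just before return is "dead" from the compiler's
   point of view (the bytes are never read again) and may be removed.
   Writing through a volatile pointer forces each store to be emitted. */
void secure_zero(void *p, size_t n)
{
    volatile uint8_t *vp = (volatile uint8_t *)p;
    while (n--) {
        *vp++ = 0;
    }
}

/* Returns 1 if every byte of the buffer is zero, else 0.
   Accumulates with OR so the check does not early-exit on content. */
int is_all_zero(const uint8_t *p, size_t n)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++) {
        acc |= p[i];
    }
    return acc == 0;
}

/* Toy keyed transform (constructed for the example; NOT a real cipher or
   MAC): XOR each message byte with key[i mod KEY_LEN]. It stands in for
   whatever routine briefly needs the key material. Both the local copy
   and the caller's copy are wiped before the function returns; the
   caller agrees that the key is consumed by this call. */
void transform_and_wipe(uint8_t key[KEY_LEN], const uint8_t *msg, size_t len, uint8_t *out)
{
    uint8_t local_key[KEY_LEN];              /* the key bytes in a local variable */
    memcpy(local_key, key, KEY_LEN);

    for (size_t i = 0; i < len; i++) {
        out[i] = msg[i] ^ local_key[i % KEY_LEN];
    }

    secure_zero(local_key, sizeof local_key); /* wipe before the stack slot is reused */
    secure_zero(key, KEY_LEN);                /* wipe the caller's copy as well */
}

/* Runs the scenario on constructed sample data and returns the number of
   failed checks (0 means everything behaved as intended). */
int self_check(void)
{
    uint8_t key[KEY_LEN] = {1, 2, 3, 4, 5, 6, 7, 8};   /* constructed sample key */
    uint8_t msg[4] = {0x10, 0x20, 0x30, 0x40};         /* constructed sample message */
    uint8_t out[4];
    int failures = 0;

    transform_and_wipe(key, msg, sizeof msg, out);

    /* expected output: 0x11 0x22 0x33 0x44 */
    if (out[0] != 0x11 || out[1] != 0x22 || out[2] != 0x33 || out[3] != 0x44) failures++;
    /* the key buffer handed in must now be all zeros */
    if (!is_all_zero(key, KEY_LEN)) failures++;

    return failures;
}

int main(void)
{
    int failed = self_check();
    printf("self_check: %d failure(s)\n", failed);
    return failed == 0 ? 0 : 1;
}
```

The volatile-pointer loop is the portable fallback; where the platform offers a dedicated wipe (explicit_bzero on OpenBSD and glibc, memset_s under C11 Annex K, SecureZeroMemory on Windows), prefer that, since those calls carry the same "do not optimize away" guarantee with compiler support.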