-----BEGIN PGP SIGNED MESSAGE----- At 04:57 PM 10/11/00 -0700, Meyer Wolfsheim wrote:
The only reasons I see for having a security system (be it an encryption product, or a physical access device) with a large discrepancy in the level of security that the individual components provide is either:
... I'd add one more reason to yours, which is especially relevant in the crypto world: d) Use of standard components. If it costs nothing more to use Rijndael to encrypt all your data than to use FEAL-8, then why not go ahead and use Rijndael, which is widely available in crypto libraries and such? Okay, so your system doesn't even provide FEAL-8 level security, but there's no reason to go out of your way to use a bad cipher, along with all the other problems, right? (I've often suspected that if all fielded encryption in use today were replaced by FEAL-8X (FEAL-8 with 128-bit keys), there would be virtually no impact on practical security. I think the best know attack requires 2^{25} known plaintexts, which are almost never available in practice.) This is the situation that we would have if all-but- unpickable locks cost exactly the same amount as the crappy toy locks they usually sell with luggage.
I am disgusted by the use of security devices purely for marketing reasons. The mentality that "It doesn't matter that we can't provide quality entropy in our encryption product as long as we can say we use 256 bit Twofish" is demonstrative of negligence. I want to be told the security of the *weakest* part of the system, as that is the measure of the entire system's security. Then I will decide if it is sufficient for me.
I agree in principle, but in practice, some of these measures are a lot easier to figure out than others. Like, it's easy to see determine that you're using a cipher with a sufficiently long key and a good pedigree. It's harder to determine whether your PRNG always gets as much entropy as it needs to generate unguessable keys. It's still harder to determine whether anyone your CA ever hires will be willing to generate a few new keys that are supposed to be in your hierarchy, and use them to run some kind of fraud on your system. Or that there are no software flaws that make it easy to defeat the system, despite the use of first-rate components. Or.... ...
Security is a ritual, not a product.
:)
- -MW-
--John Kelsey, Counterpane Internet Security, kelsey@counterpane.com PGP Fingerprint: 5D91 6F57 2646 83F9 6D7F 9C87 886D 88AF -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.1 Int. for non-commercial use <http://www.pgpinternational.com> Comment: foo iQCVAwUBOeVlwyZv+/Ry/LrBAQF05QP/dM8gCxDCzM2WGV6rd54fvTvDkzfL8HqL 03k4/EDAOJPJhuOv79WW7Q9UZUK+FQ4tsZlBgsJ83KAGQ+6y5YEZXQawl7bLGR/w TDPgwQfHcctTKxUOBdiNPet/AoWDXp6o3eW/x1141u8X6zc4zzcDVZSowUJ9ykKO 1GiOlUnEhQk= =c44O -----END PGP SIGNATURE-----