Herr Bear's two paragraphs below are among the most clear, concrete explanations of 'why security is hard / crypto is insufficient' that I've read. Clear to a programmer, anyway. But still, I think that the vast majority of users will end up trusting something, and the vast majority will be well secured. Most do not, for example, worry about black-bag jobs. How many hardcore cpunks have reverse engineered the source to the security apps they actually use? PGPDisk *and* PGPfone *and* PGP version whatever? With time left over for SSL? And you do regular RF sweeps too? Do you work on your own brakes, too? Maybe some need to, and they recognize this. Most don't, and recognize this. The ones who need it but don't see it get culled. The ones who don't need it but see it are paranoid, or cautious, depending.

Finally, things will get deployed (and paid for) only when there's some utility to the deployees. Either AMEX is going to pay for all these cards & readers because it's worth it to AMEX, or Homer & vendors are going to pay because it's worth it to them. With the current $50 credit card fraud limit on the customers' side, and the generally reliable POTS dial-up to the credit card folks on the vendors', there is little motivation to change... no matter how efficient (cheap) or convenient the future might be if we were to start now.

[I am reminded of the following: California mandates (suppressing the "needs killing" remarks for now) electric car sales, but drivers won't buy them. Rational drivers will buy (initially) more expensive but efficient hybrids if and only if (when) the price of petrol goes up enough to make it worthwhile. Ergo, if people were responsible for much more fraud-debt, they might accept / pay for / require more secure tech. Economics is physics. These are testable hypotheses; look to expensive-petrol places (Euro) to buy into high-mileage hybrids faster, and 12-cylinder Caddys to be cruising the oil-rich nations until they're dry]

You can get people to carry metal things around *all the time*, and you can sell them things to stick the metal things into, if they see a benefit ---like someone not stealing their padlocked objects. $50 of fraud, inertia/protectionism, and a general lack of use/concern for anonymity means Hettinga's Stored Value Smartcard-Requiring Utopia (tm) is a few years off.

..... I wonder if Gutenberg had to put up with: "But why print so many books? Almost everyone can't read" ......

At 01:49 PM 11/16/00 -0500, Ray Dillinger wrote:
> Which mostly consists of pointing out flaws and problems with things other than the encryption/decryption algorithms in use: Bits of it are definitely worth a read between auditing routines in your code. (oh yeah, I have 64 bits of key in this local variable, and I'm exiting the routine: better remember to write over them so whatever grabs the memory next can't read them.... and while I'm at it, I better declare that 'volatile' so the system can't swap it to disk...)

> This stuff is why you can't just plug libraries together and have a good crypto product; a 'math library' made for crypto has to do fundamental things to prevent other applications getting their hands on 'numbers' that a math library for general application does not have to do. Ditto a windowing or GUI system made for crypto, etc. All these slap-together GUI programs made with MFC etc. that we're seeing are a completely wrong approach for cryptographic software; you can't make that stuff secure, you have to write your own. And this is what Schneier has been pointing out. And thank goodness somebody's been pointing it out.
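The routine-exit wipe Dillinger describes (a 64-bit key in a local, overwritten before the routine returns), as an added C example that is not from the original thread. In this example the volatile-qualified pointer is what keeps the compiler from discarding the overwrite as a dead store, and mlock(2) is what keeps the page holding the key out of swap; the function names and the sample key are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
/* Wipe through a volatile pointer so the compiler cannot treat the stores
   as dead and drop them, as it may do with memset() on a dying buffer. */
void secure_wipe(void *buf, size_t len) {
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len-- > 0) {
        *p++ = 0;
    }
}

/* Returns 1 if every byte of buf is zero, scanning all bytes. */
int is_all_zero(const unsigned char *buf, size_t len) {
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++) {
        acc |= buf[i];
    }
    return acc == 0;
}

/* Stand-in for "using" the key: fold its 8 bytes into one value. */
static uint64_t fold_key(const unsigned char key[8]) {
    uint64_t v = 0;
    for (int i = 0; i < 8; i++) {
        v = (v << 8) | key[i];
    }
    return v;
}

/* Pin the key's page so it is not written to swap, use the key, then wipe
   it in place before returning. If mlock() fails (e.g. RLIMIT_MEMLOCK),
   the wipe still happens; only the pinning is skipped. */
uint64_t use_and_wipe_key(unsigned char key[8]) {
    int pinned = (mlock(key, 8) == 0);
    uint64_t folded = fold_key(key);
    secure_wipe(key, 8);
    if (pinned) {
        munlock(key, 8);
    }
    return folded;
}
int main(void) {
    unsigned char key[8] = {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}; /* constructed */
    uint64_t v = use_and_wipe_key(key);
    printf("folded=%016llx wiped=%d\n", (unsigned long long)v, is_all_zero(key, 8));
    return 0;
}
```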