Re: More FUD from First Virtual
From: Adam Shostack <adam@homeport.org>
Subject: Re: More FUD from First Virtual
To: jimbell@pacifier.com (jim bell)
Date: Sat, 9 Dec 1995 16:51:58 -0500 (EST)
Cc: cypherpunks@toad.com
jim bell wrote:
[Good points about cost of transactions deleted]
| The answer, I think, is that there would be no problem finding people to
| take that risk in exchange for the return, ESPECIALLY if they have some
| input into the design (level of security) of the system. They might insist
| on 2048-bit RSA keys, instead of 1024-bit, for example.
(I know it's only an example, but...)
Key length is not what is needed for better security; more solid code and better interfaces are needed. (I might also argue for hardware keys that are more difficult to steal..)
Nonsense. The code is pretty solid, the interfaces aren't very difficult. What is needed is better human management of keys. Why brute-force, why look for weak keys, why bother calculating how much safer 2047-bit keys are rather than 1024-bit keys when someone can look on your HD and find your secret key, when they can open your desk drawer and find your pass phrase or password, when they can guess that you used your wife's maiden name as your password?

Adam, I don't understand why you wrote nonsense in the first paragraph, then followed it up with textbook attacks such as:
Cryptosystems fail because of bad storage of keys, coding mistakes, accidentally writing passphrases to disk during a swap, etc. Moving to 2048 bit keys is no help if you lose the key to a non-cryptanalytic attack. Moving to keys with a week or day lifetimes might be better.
Moving the systems which automatically issue key revocation certificates, and coupling that with a wide distribution system would be the perfect match to such a scheme. Of course, that means that PGP et al. needs to be more tightly integrated into existing mail software.
Ed Carp wrote:
| Adam Shostack <adam@homeport.org>
| > jim bell wrote:
| >
| > [Good points about cost of transactions deleted]
| >
| > | The answer, I think, is that there would be no problem finding people to
| > | take that risk in exchange for the return, ESPECIALLY if they have some
| > | input into the design (level of security) of the system. They might insist
| > | on 2048-bit RSA keys, instead of 1024-bit, for example.
| >
| > (I know it's only an example, but...)
| >
| > Key length is not what is needed for better security; more
| > solid code and better interfaces are needed. (I might also argue for
| > hardware keys that are more difficult to steal..)
|
| Nonsense. The code is pretty solid, the interfaces aren't very
| difficult. What is needed is better human management of keys. Why
| brute-force, why look for weak keys, why bother calculating how much
| safer 2047-bit keys are rather than 1024-bit keys when someone can
| look on your HD and find your secret key, when they can open your
| desk drawer and find your pass phrase or password, when they can
| guess that you used your wife's maiden name as your password?
|
| Adam, I don't understand why you wrote nonsense in the first
| paragraph, then followed it up with textbook attacks such as:

I use PGP because it's pretty good, but if I was going to trust all my money to it, I'd want better code (especially in key management. And the Mac port needs a few man months of work. ;)

I don't know how solid the code is in the ecash client. I do know that Netscape & Microsoft can't seem to ship decent code. (This is a reflection of the way the industry has evolved; the first system to require a bigger processor due to creeping featuritis gets the most market share. Quality of code seems to be unimportant.) No flame at Netscape here; they're doing what the market, conditioned by MS to never expect bug free code, seems to want.

Further, the interfaces are not decent. Ever tried teaching your mother to use PGP?
I have a lot of smart friends; a lot of them, while understanding how easy it is to read mail in transit, haven't found a PGP front end that's easy enough to use that they will use it. (This is not an invitation to send me your favorite GUI to PGP (although if anyone has a web page of all/most of them, with reviews & comments and maybe even screen shots, I'd like the URL.))

Adam

--
"It is seldom that liberty of any kind is lost all at once."
-Hume