CDR: Multi-part security solutions (Was: Re: Rijndael & Hitachi)
On Wed, 11 Oct 2000, Arnold G. Reinhold wrote:
Derek Atkins adds:
Why try to pick a Medeco when it's locking a glass door? :-)
The fact that some people put Medeco's in glass doors, doesn't mean Medeco should never develop a better lock.
Sure, Medeco should keep working on developing the best locks that it can produce.
However, if you are going to design your structure with a glass door, it really makes no technological sense to exceed the security provided by the glass door with the other components (locks, hinges, etc.). Put a Medeco or an ASSA in a door that can be jimmied or broken down, and you've gained nothing that you wouldn't have had with a high quality lock lacking a sidebar. Except a warm fuzzy feeling inside: "We have unpickable locks!"
Most burglars aren't going to spend the time picking your locks, regardless of what you have installed. The James Bond approach of sticking a pick in a lock (sans tension wrench), wiggling it a half a second, and then opening the door is pure fantasy. Lock picking, even for a very seasoned locksmith, takes more time than can be afforded in most cases.
The same principle applies for fancy biometric access measures. I've seen high profile Internet security companies that have hand geometry scanners and I-Button controlled locks on doors that have door hardware that can be opened with pen-knives, coat hangers, and credit cards in a matter of seconds.
How about ISP collocation centers with private, locked compartments for security conscious customers? Check the raised floors and the drop ceilings. In many cases, I fear, you will find that the steel doors on the compartment stop 18 inches above the concrete floor below, and/or don't extend past the ceiling tiles. Is it likely someone is going to pop the floor tile, crawl around the cables and then pop up in your private collo space? No. But you as the customer deserve to be aware of where the weaknesses are.
The only reasons I see for having a security system (be it an encryption product, or a physical access device) with a large discrepancy in the level of security that the individual components provide is either:
a) Incompetence on the part of the designer, when the weaker component is thought to be as or nearly as secure as the stronger component, or
b) An intentional marketing design stunt, where the purpose of the stronger component is to make the consumer comfortable with using an inherently weaker solution, or
c) "Future capacity planning" (see also: budget cutbacks).
Perhaps most excusable is "c", where the hypothetical Medeco would be installed in the glass door, with the intention of implementing a steel door in the future, while retaining the Medeco lock. The chances of such improvements happening decrease drastically the longer the weaker (but working) solution is in place. ("It's been good enough so far...")
As for the other two reasons, obviously, "a" is the better case here, as the problem will (in a lot, if not most cases) be corrected after being discovered.
I am disgusted by the use of security devices purely for marketing reasons. The mentality that "It doesn't matter that we can't provide quality entropy in our encryption product as long as we can say we use 256 bit Twofish" is demonstrative of negligence.
I want to be told the security of the *weakest* part of the system, as that is the measure of the entire system's security. Then I will decide if it is sufficient for me.
Certain things we just take for granted. No one seems fazed by using wooden or glass doors to secure sensitive locations. Some people religiously arm their car alarms, but when was the last time you paid attention to a blaring car alarm, other than to wish it would stop? Does anyone hear one of those, and call 911 to report theft? I don't think so.
Who here actually verifies ssh key fingerprints before accepting them upon connecting to a host for the first time? Or when the host key changes? Very few people, I would bet.
Security is a ritual, not a product.
-MW-
Further thoughts on this matter...
I think that we should escalate the level of liability a potential attacker has to face when attempting to compromise a security system.
We should have laptops equipped with high explosives, such that the laptop detonates after a certain number of failed logins. Let's see how popular laptop theft is then.
Booby-traps as a standard part of facility security. Let an intruder bypass the retina scanner if he wants, but have him face a nail gun as soon as he opens the door.
Cyanide gas enabled car alarms. (I'm flexible on whether it is actually cyanide, or something better). Currently some cars won't start without a specific ignition key with an embedded chip. I say, let the car start if hot-wired... then a few minutes later, automatically roll the windows, force the locks, and gas the fucker who stole the car. No damage to the upholstery.
As for computer systems, we should have IDS systems that retaliate to attacks. It seems to me to be perfectly rational to design a firewall/IDS that determines the source of the attack, and then neutralizes it. And I think this last suggestion would be the least likely to land people in jail.
Though I still to see someone do a C4-enabled laptop with corresponding Win2K GINA. :)
-MW-
At 4:57 PM -0700 10/11/00, Meyer Wolfsheim wrote:
-----BEGIN PGP SIGNED MESSAGE-----
On Wed, 11 Oct 2000, Arnold G. Reinhold wrote:
Derek Atkins adds:
Why try to pick a Medeco when it's locking a glass door? :-)
The fact that some people put Medeco's in glass doors, doesn't mean Medeco should never develop a better lock.
Sure, Medeco should keep working on developing the best locks that it can produce.
However, if you are going to design your structure with a glass door, it really makes no technological sense to exceed the security provided by the glass door with the other components (locks, hinges, etc.). Put a Medeco or an ASSA in a door that can be jimmied or broken down, and you've gained nothing that you wouldn't have had with a high quality lock lacking a sidebar. Except a warm fuzzy feeling inside: "We have unpickable locks!"
Well, not so. This whole discussion is missing an important ontological factor: whether intrusion is detectable.
A Medeco lock on a glass door may seem crazy, but a pickable lock on a glass door means those who know how to pick locks--like cops who have access to lock guns--can enter at will without any persistent evidence of their intrusion.
The application to crypto is that the issue of personal data security (black bag jobs on keys, for example) is a separate issue from machine to machine security.
--Tim May
--
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
"Cyphernomicon"             | black markets, collapse of governments.
At 5:41 PM -0700 10/11/00, Meyer Wolfsheim wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Further thoughts on this matter...
I think that we should escalate the level of liability a potential attacker has to face when attempting to compromise a security system.
We should have laptops equipped with high explosives, such that the laptop detonates after a certain number of failed logins. Let's see how popular laptop theft is then.
Agreed. However, the commies and simp-wimps have created "liability" laws which make such personal protection measures completely infeasible in every country infected with the American legal disease.
Pace trap guns, of course.
--Tim May
--
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
"Cyphernomicon"             | black markets, collapse of governments.
Meyer Wolfsheim wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Further thoughts on this matter...
I think that we should escalate the level of liability a potential attacker has to face when attempting to compromise a security system.
I like where you're coming from, but there's one nit:
Cyanide gas enabled car alarms. (I'm flexible on whether it is actually cyanide, or something better). Currently some cars won't start without a specific ignition key with an embedded chip. I say, let the car start if hot-wired... then a few minutes later, automatically roll the windows, force the locks, and gas the fucker who stole the car. No damage to the upholstery.
Their sphincters would probably release at some point. You still need Scotchgard, or whatever replaced it.
Other than that, great ideas.
--
Steve Furlong, Computer Condottiere
Have GNU, will travel
518-374-4720
sfurlong@acmenet.net
At 06:11 PM 10/11/00 -0700, Tim May wrote:
A Medeco lock on a glass door may seem crazy, but a pickable lock on a glass door means those who know how to pick locks--like cops who have access to lock guns--can enter at will without any persistent evidence of their intrusion.
Intrusion detection is important. Also, if it doesn't cost significantly more, you might as well use the Medeco lock on the glass door, or use 128-bit RC4 instead of 40-bit. Besides, the Medeco lock is probably more durable than the El Cheapo, and less likely to jam in an unlocked position.
Thanks!
Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
participants (4)
- Bill Stewart
- Meyer Wolfsheim
- Steve Furlong
- Tim May