Multi-part security solutions (Was: Re: Rijndael & Hitachi)
On Wed, 11 Oct 2000, Arnold G. Reinhold wrote:
> Derek Atkins adds:
> > Why try to pick a Medeco when it's locking a glass door? :-)
>
> The fact that some people put Medecos in glass doors doesn't mean Medeco should never develop a better lock.
Sure, Medeco should keep working on developing the best locks that it can produce. However, if you are going to design your structure with a glass door, it really makes no technological sense to exceed the security provided by the glass door with the other components (locks, hinges, etc.). Put a Medeco or an ASSA in a door that can be jimmied or broken down, and you've gained nothing that you wouldn't have had with a high quality lock lacking a sidebar. Except a warm fuzzy feeling inside: "We have unpickable locks!"

Most burglars aren't going to spend the time picking your locks, regardless of what you have installed. The James Bond approach of sticking a pick in a lock (sans tension wrench), wiggling it a half a second, and then opening the door is pure fantasy. Lock picking, even for a very seasoned locksmith, takes more time than can be afforded in most cases.

The same principle applies for fancy biometric access measures. I've seen high profile Internet security companies that have hand geometry scanners and I-Button controlled locks on doors that have door hardware that can be opened with pen-knives, coat hangers, and credit cards in a matter of seconds.

How about ISP collocation centers with private, locked compartments for security conscious customers? Check the raised floors and the drop ceilings. In many cases, I fear, you will find that the steel doors on the compartment stop 18 inches above the concrete floor below, and/or don't extend past the ceiling tiles. Is it likely someone is going to pop the floor tile, crawl around the cables and then pop up in your private collo space? No. But you as the customer deserve to be aware of where the weaknesses are.
The only reasons I see for having a security system (be it an encryption product, or a physical access device) with a large discrepancy in the level of security that the individual components provide is either:

a) Incompetence on the part of the designer, when the weaker component is thought to be as or nearly as secure as the stronger component, or

b) An intentional marketing design stunt, where the purpose of the stronger component is to make the consumer comfortable with using an inherently weaker solution, or

c) "Future capacity planning" (see also: budget cutbacks).

Perhaps most excusable is "c", where the hypothetical Medeco would be installed in the glass door, with the intention of implementing a steel door in the future, while retaining the Medeco lock. The chances of such improvements happening decrease drastically the longer the weaker (but working) solution is in place. ("It's been good enough so far...")

As for the other two reasons, obviously, "a" is the better case here, as the problem will (in a lot, if not most cases) be corrected after being discovered.

I am disgusted by the use of security devices purely for marketing reasons. The mentality that "It doesn't matter that we can't provide quality entropy in our encryption product as long as we can say we use 256 bit Twofish" is demonstrative of negligence. I want to be told the security of the *weakest* part of the system, as that is the measure of the entire system's security. Then I will decide if it is sufficient for me.

Certain things we just take for granted. No one seems fazed by using wooden or glass doors to secure sensitive locations. Some people religiously arm their car alarms, but when was the last time you paid attention to a blaring car alarm, other than to wish it would stop? Does anyone hear one of those, and call 911 to report theft? I don't think so. Who here actually verifies ssh key fingerprints before accepting them upon connecting to a host for the first time? Or when the host key changes? Very few people, I would bet.

Security is a ritual, not a product.

-MW-
At 04:57 PM 10/11/00 -0700, Meyer Wolfsheim wrote:
> The only reasons I see for having a security system (be it an encryption product, or a physical access device) with a large discrepancy in the level of security that the individual components provide is either:

...

I'd add one more reason to yours, which is especially relevant in the crypto world:

d) Use of standard components. If it costs nothing more to use Rijndael to encrypt all your data than to use FEAL-8, then why not go ahead and use Rijndael, which is widely available in crypto libraries and such? Okay, so your system doesn't even provide FEAL-8 level security, but there's no reason to go out of your way to use a bad cipher, along with all the other problems, right?

(I've often suspected that if all fielded encryption in use today were replaced by FEAL-8X (FEAL-8 with 128-bit keys), there would be virtually no impact on practical security. I think the best known attack requires 2^{25} known plaintexts, which are almost never available in practice.)

This is the situation that we would have if all-but-unpickable locks cost exactly the same amount as the crappy toy locks they usually sell with luggage.
> I am disgusted by the use of security devices purely for marketing reasons. The mentality that "It doesn't matter that we can't provide quality entropy in our encryption product as long as we can say we use 256 bit Twofish" is demonstrative of negligence. I want to be told the security of the *weakest* part of the system, as that is the measure of the entire system's security. Then I will decide if it is sufficient for me.

I agree in principle, but in practice, some of these measures are a lot easier to figure out than others. Like, it's easy to determine that you're using a cipher with a sufficiently long key and a good pedigree. It's harder to determine whether your PRNG always gets as much entropy as it needs to generate unguessable keys. It's still harder to determine whether anyone your CA ever hires will be willing to generate a few new keys that are supposed to be in your hierarchy, and use them to run some kind of fraud on your system. Or that there are no software flaws that make it easy to defeat the system, despite the use of first-rate components. Or....

...

> Security is a ritual, not a product.

:)

> -MW-
--John Kelsey, Counterpane Internet Security, kelsey@counterpane.com
PGP Fingerprint: 5D91 6F57 2646 83F9 6D7F 9C87 886D 88AF
participants (2)
- John Kelsey
- Meyer Wolfsheim