Re: [Cryptography] Crypto Standards v.s. Engineering habits - Was: NIST about to weaken SHA3?
----- Forwarded message from Phillip Hallam-Baker
On 02/10/13 18:42, Arnold Reinhold wrote:
On 1 Oct 2013 23:48 Jerry Leichter wrote:
The larger the construction project, the tighter the limits on this
stuff. I used to work with a former structural engineer, and he repeated some of the "bad example" stories they are taught. A famous case a number of years back involved a hotel in, I believe, Kansas City. The hotel had a large, open atrium, with two levels of concrete "skyways" for walking above. The "skyways" were hung from the roof. As the structural engineer specified their attachment, a long threaded steel rod ran from the roof, through one skyway - with the skyway held on by a nut - and then down to the second skyway, also held on by a nut. The builder, realizing that he would have to thread the nut for the upper skyway up many feet of rod, made a "minor" change: He instead used two threaded rods, one from roof to upper skyway, one from upper skyway to lower skyway. It's all the same, right? Well, no: In the original design, the upper nut holds the weight of just the upper skyway. In the m
o
di
fied version, it holds the weight of *both* skyways. The upper fastening failed, the structure collapsed, and as I recall several people on the skyways at the time were killed. So ... not even a factor of two safety margin there. (The take-away from the story as delivered to future structural engineers was *not* that there wasn't a large enough safety margin - the calculations were accurate and well within the margins used in building such structures. The issue was that no one checked that the structure was actually built as designed.)
This would be the 1981 Kansas City Hyatt Regency walkway collapse ( http://en.wikipedia.org/wiki/**Hyatt_Regency_walkway_collapsehttp://en.wikipedia.org/wiki/Hyatt_Regency_walkway_collapse **)
Which says of the original design: "Investigators determined eventually that this design supported only 60 percent of the minimum load required by Kansas City building codes.[19]", though the reference seems to be a dead link. (And as built it supported 30% or the required minimum.)
So even if it had been built as designed, the safety margin would not have been "well within the margins used in building such structures".
The case is described in Why Buildings Fall Down. The original design was sound structurally but could not be built as it would have required the entire length of the connection rod to be threaded. There was no way to connect one structure to the other. The modified design could be built but had a subtle flaw: the upper skyway was now holding the entire weight of both The strength of the joint was unaffected by the change but the load on the joint doubled. We see very similar effects in cryptographic systems. But the main problem is that our analysis apparatus focuses on the part of the problem we know how to analyze rather than the part of the problem that fails most often. Compare the treatment of coding errors in cryptographic software and the treatment of CA mis-issue. Coding errors are much more likely to impact the end user and much more likely to occur. But those get a free pass. Nobody has ever suggested that the bugs in Sendmail in the early 1990s should have stopped people using the product (OK apart from me). But seven mis-issued certificates and there is a pitchfork wielding mob outside my house. The fact that the Iranian Revolutionary Guard has a web site filled with hijacked software that is larded up with backdoors completely missed the attention of most of the people worrying about the seven certificates, all of which were revoked within minutes and would be rejected by any browser that implemented revocation checking like they should. But much easier to flame on about the evils of CAs than ask why the browser providers prefer shaving a few milliseconds off the latency of their browser response than making their customers secure. Oh and it seems that someone has murdered the head of the IRG cyber effort. I condemn it without qualification. There are many people who have a vested interest in keeping wars and confrontations going. There are many beltway contractors who stand to make a lot of money if they can persuade the US people to fund a fourth branch of the military to fight cyber wars and fund it as lavishly as they have foolishly funded the existing three. A trillion dollars a year spent on bombs bullets and death is no cause for pride. Nobody should ever carry a gun or wear a military uniform with anything other than shame for the fact that our inability to solve our political issues without threat of violence makes it necessary. We do not need to spend hundreds of billions more on a new form of warfare. But there are many who would get a lot richer if we did. As Eisenhower observed, spending too much on the military makes the country less safe. If politicians believe their war machine is invincible, some stupid fool is going to use it just because they can. Just like the last President did. At the end of the cold war when the Soviet Union was on its knees, so was Margaret Thatcher, begging Gorbachev to send the tanks into East Berlin and stop the collapse of the enemy that her world was built in opposition to. And Thatcher claimed to be speaking for the other Western leaders as well. I have the transcript of the meeting if anyone is interested. While most of the information on the Comodo attack is in the public domain there is some that was with-held. The reason was not to protect Comodo but to protect the attacker in the unlikely event that they were actually telling the truth and they were acting outside government direction. The chance is very small but if they were acting on their own initiative and had diverted the entire Iranian Internet they would risk a long prison sentence, possibly a capital sentence if they were caught. I am not going to provide the Iranian authorities with information that could assist them in that even if the guy had attacked us. One of the more ridiculous spectacles resulting from PRISM is the parade of establishment worthies telling us that we don't need to be worried about the government intercepts and we should not worry our silly heads about matters that are too complex to understand. Well I knew quite a few members of the British cabinet when they were up at Oxford, I have known politicians all my life, my cousin was a cabinet member, I have met world leaders and acknowledged leading foreign policy experts. That experience gives me absolutely no confidence in the establishment worthies. -- Website: http://hallambaker.com/ _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
participants (1)
-
Eugen Leitl