CDR: Re: Schneier: Why Digital Signatures are not Signatures (was Re: CRYPTO-GRAM, November 15, 2000)
Ray Dillinger
bear at sonic.net
Thu Nov 16 10:48:16 PST 2000
On Thu, 16 Nov 2000, John Young wrote:
>Still, is there no alternative to giving government and
>corporations first, if not exclusive, choice on the best
>products and services,
Not if you plan to make a legal profit, there isn't. After
all, government and corporations are the people with the
money.
>Now, none of this applies to Bruce's evolving computer
>security body of work, which is most impressive. It's just not
>clear what will evolve as Counterpane takes more of his
>time and effort.
Which mostly consists of pointing out flaws and problems with
things other than the encryption/decryption algorithms in use.
Bits of it are definitely worth a read between auditing routines
in your code. (oh yeah, I have 64 bits of key in this local
variable, and I'm exiting the routine: better remember to write
over them so whatever grabs the memory next can't read them....
and while I'm at it, I better declare that 'volatile' so the
system can't swap it to disk...)
This stuff is why you can't just plug libraries together and
have a good crypto product. A 'math library' made for crypto
has to do fundamental things to prevent other applications
getting their hands on 'numbers' that a math library for general
application does not have to do. Ditto a windowing or GUI system
made for crypto, etc. All these slap-together GUI programs
made with MFC etc. that we're seeing are a completely wrong
approach for cryptographic software; you can't make that stuff
secure, you have to write your own. And this is what Schneier
has been pointing out. And thank goodness somebody's been
pointing it out.
>Cybercrime begins with criminalizing digital information,
>that is, to regulate who gets access to private secrets,
>who runs the protection rackets: "don't trust your
>computer" is the next step after "don't trust the Internet."
>Confidence in both requires the assurance services of
>who? Ah yes, I see.
But for Homer Husband and Harriet Housewife, this is a valid
point. We can download source, audit it, compile it, and then
audit the crucial bits of binary to make sure nothing funny
is going on with our compilers. We, as technogeeks and cryptogeeks,
can set up our own trusted machines. But Homer and Harriet can't
count to eleven without someone lending them a hand, and without
training and dedication, there is no way in hell that they can
hold enough stuff in their heads to set up a trusted machine on
their own - thus "trust" will always be a leap of faith.
However, even with a "machine trust" issue in the way, I don't
see that digital signatures are *less* secure than the types of
signatures now accepted in court. After all, signature forgery
on paper documents is not unknown or impossible either, and the
"Digital signature act" earlier this year allows unencrypted (!)
HTTP requests received via the internet to be held as signatures
in court.
There is a fundamental schism here between the "identity is meat"
school of thought in which our legal system is based and the
"identity is bits" school of thought manifested in digital signature
protocols. But that's a more fundamental idea, and I want to address
it in a different post.
Bear
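The audit note in the post (64 bits of key in a local variable, overwritten before the routine exits, and kept off disk) as an added C example; this is editorial illustration, not code from the post or from any Schneier/Counterpane source. Two points a practitioner checks: a plain memset() of a buffer that is never read again is a dead store the optimizer may delete, so the wipe goes through a volatile pointer (or memset_s/explicit_bzero where available); and keeping the key out of swap is a request to the kernel, made with mlock(2), which the 'volatile' qualifier the post mentions does not do on its own. The functions secure_wipe, bytes_remaining, mix_with_key, run_with_key and self_check, the key bytes and the message are all constructed for this example; mix_with_key is a placeholder for whatever the real routine does with the key and is not a MAC or cipher.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>   /* mlock(2), munlock(2): POSIX, Linux/BSD/macOS */

/* Zero n bytes at p in a way the optimizer cannot delete.  A memset() on a
 * buffer that is never read again is a dead store and compilers remove it at
 * -O2; storing through a volatile pointer forces every byte to be written.
 * (C11 memset_s, explicit_bzero on glibc/BSD and SecureZeroMemory on Windows
 * exist for exactly this reason.) */
void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* Count bytes in [p, p+n) that are still non-zero; 0 means fully wiped. */
size_t bytes_remaining(const void *p, size_t n)
{
    const unsigned char *b = (const unsigned char *)p;
    size_t left = 0;
    for (size_t i = 0; i < n; i++)
        left += (b[i] != 0);
    return left;
}

/* Stand-in for the real use of the key (NOT a MAC or cipher): folds the 8
 * key bytes and the message into one 64-bit word.  Every step is invertible,
 * so two different keys never collide, which the self-check relies on. */
uint64_t mix_with_key(const uint8_t key[8], const uint8_t *msg, size_t len)
{
    uint64_t acc = 0;
    for (size_t i = 0; i < 8; i++)
        acc = (acc << 8) | key[i];          /* big-endian load of the key */
    for (size_t i = 0; i < len; i++) {
        acc ^= msg[i];
        acc = (acc << 13) | (acc >> 51);    /* 64-bit rotate left by 13 */
        acc *= 0x9E3779B97F4A7C15ULL;       /* odd constant: bijective */
    }
    return acc;
}

/* The routine the post describes: 64 bits of key live only inside this call.
 *  - mlock(2) pins the buffer's page so the kernel will not write it to swap.
 *    'volatile' alone does not do that: it constrains the compiler, not the
 *    kernel.  mlock is best effort here (it fails with ENOMEM/EPERM under a
 *    small RLIMIT_MEMLOCK); the return value tells the caller.
 *  - secure_wipe() runs before return so whatever reuses this memory next
 *    reads zeros, not the key.
 * keybuf is caller-supplied instead of a stack local only so the check below
 * can inspect it after return; in production it would be a local array.
 * Returns 0 if the key was locked in RAM, -1 if it was not. */
int run_with_key(uint8_t keybuf[8], const uint8_t key_in[8],
                 const uint8_t *msg, size_t len, uint64_t *out)
{
    int locked = (mlock(keybuf, 8) == 0);
    memcpy(keybuf, key_in, 8);
    *out = mix_with_key(keybuf, msg, len);
    secure_wipe(keybuf, 8);               /* wipe before the lock is dropped */
    if (locked)
        munlock(keybuf, 8);
    return locked ? 0 : -1;
}

/* Self-check on constructed inputs.  Returns 1 when the key buffer is wiped
 * after the call, the result is deterministic, and a different key gives a
 * different result; 0 otherwise. */
int self_check(void)
{
    static const uint8_t k1[8] = {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07};
    static const uint8_t k2[8] = {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x08};
    static const uint8_t msg[] = "constructed sample message";
    uint8_t buf[8];
    uint64_t a, b, c;

    run_with_key(buf, k1, msg, sizeof msg - 1, &a);
    if (bytes_remaining(buf, 8) != 0)
        return 0;                         /* key bytes survived the wipe */
    run_with_key(buf, k1, msg, sizeof msg - 1, &b);
    run_with_key(buf, k2, msg, sizeof msg - 1, &c);
    return a == b && a != c;
}

int main(void)
{
    static const uint8_t key[8] = {0, 0, 0, 0, 0, 0, 0, 0x2A};
    uint8_t buf[8];
    uint64_t tag;
    int rc = run_with_key(buf, key, (const uint8_t *)"hello", 5, &tag);
    printf("locked in RAM: %s\n", rc == 0 ? "yes" : "no (mlock failed)");
    printf("key bytes left after wipe: %zu\n", bytes_remaining(buf, 8));
    printf("self_check: %s\n", self_check() ? "ok" : "FAILED");
    return 0;
}
```

Two caveats the wipe does not cover: the compiler may have spilled a copy of the key into registers or other stack slots while computing with it, and memcpy'd copies elsewhere (the caller's key_in, for instance) are the caller's responsibility; the wipe covers only the bytes the routine itself owns. The munlock call deliberately comes after the wipe, since unlocking first would let the page be swapped out with the key still in it.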