CDR: Re: Rijndael & Hitachi

Ray Dillinger bear at sonic.net
Wed Oct 11 13:09:48 PDT 2000



On Wed, 11 Oct 2000, Arnold G. Reinhold wrote:

>The fact that some people put Medeco's in glass doors, doesn't mean 
>Medeco should never develop a better lock.

I don't have a problem with people who manufacture locks.  
I have a problem with the people who sell them.  

A sign of irrational fear is when the thing that is the 
*symbol* of security -- in this case the lock, or the cipher, 
is made very strong -- but used in a way that does not afford 
good *actual* security.  

If the fear of being burgled weren't at least partly 
irrational, meaning if it were based mostly on experience 
rather than mostly on fear -- we'd be seeing doors with 
half-inch thick steel plates in them to provide the same 
level of security as the Medeco lock -- and reinforced 
concrete walls to provide the same level of security as 
the door.

Ditto ciphers.  A strong cipher is like that Medeco 
lock, or even better - but if the "door" is a dumb 
key management policy, or the key is easily guessable, 
then what has been gained?  

Because what is a lock, really?  It makes it harder to 
get in *without breaking anything*.  But actual burglars 
could really care less whether they break some of your 
stuff -- provided it's stuff they can't steal.  So if 
actual burglars were as common as the people who sell 
these fancy locks tend to make out in their sales pitches, 
most folks would know, from experience, that burglars 
who break a window or a door are far more common than 
burglars who pick a lock -- and would be demanding 
*actual* security, meaning windows, doors and walls made 
of unbreakable stuff, rather than just *symbolic* security, 
of a strong lock or a strong cipher. 

If you want to propose a "Paranoid Encryption Standard", 
i.e., a system for people who actually *DO* expect people 
to spend several million bucks and hundreds of man-years
and thousands of CPU-years trying to break it, then it's 
going to have to encompass a hell of a lot more than 
ciphers.  Start with physical machine security -- put 
the box in a concrete bunker with armed guards, give it 
a flat-panel monitor and roll your own drivers and video 
hardware. Stick a thermite grenade with a photosensitive 
fuse in the hard drive box. Make a continuous circuit 
through all the case components, that will detect anybody 
taking the case off, and blow the HD if the circuit's 
broken. Do a couple dozen other things along this line, 
and you'll have the physical security thing covered about 
as well as your cipher protects the data. 

But you're not through yet -- you've got the lock and the 
door, but burglars can still come in through the windows 
and the walls.  You've got to do some real serious data 
security as well. 

First of all, nothing unencrypted is EVER written to the 
hard drive except a bootstrap loader that prompts for a 
cipher key.  When it gets the cipher key, it reads and 
attempts to unencrypt the rest of the boot record.  

There is NO swap partition, and no swapping OS is to be used. 

The system computes a new cipher key every day using a 
cryptographically strong random number generator, and notifies 
you of it in a pencil-and-paper cipher that you can solve. 
(On high-entropy binary data, pencil-and-paper ciphers are 
actually quite strong.)  That's the key you would need to 
use the following day.  If you don't log on for one day, 
you will not have the key for the following day, period. 
Thus, if someone seizes your box and you can hold out for 
*one* day, the data is GONE. 

But the burglars can still come in, maybe, through the roof.

So just to make sure of it, put a timer in there that blows 
the HD if it's ever been more than 24 hours since you were 
last logged on.  

*There's* your paranoid encryption standard.  Use Blowfish for 
the cipher, and the cipher won't be the weakest point. 

				Bear
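The daily key chain and dead-man timer sketched in the post (fresh CSPRNG key each day, tomorrow's key handed to the operator during today's login, data destroyed after 24 hours without a login) can be written down as a small state machine. The following is an added example, not code from the post or from any project it mentions. It assumes a toy XOR stream cipher keyed by HMAC-SHA256 in place of the post's Blowfish, and it models the "pencil-and-paper cipher" delivery of the next key as wrapping that key under today's key with a fresh nonce; both are assumptions of this example. Timestamps are plain seconds so the simulation runs offline.

```python
"""Simulation of the post's daily-rekey box (added example, not the post's code).

Each day the box generates a fresh random key, re-encrypts its disk under it
at midnight, and forgets the old key.  Tomorrow's key is only issued to an
operator who logs in today.  A dead-man timer destroys the data after 24 h
without a login.  The cipher below is a constructed HMAC-keystream stand-in.
"""
import hashlib
import hmac
import secrets

KEY_LEN = 32
DAY = 24 * 60 * 60  # seconds


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy XOR stream cipher: HMAC-SHA256 in counter mode. Symmetric, so the
    same call encrypts and decrypts.  Stand-in only, not a vetted cipher."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)


def unwrap_next_key(today_key: bytes, wrap_nonce: bytes, wrapped: bytes) -> bytes:
    """Operator side: recover tomorrow's key from the wrapped blob (assumed delivery channel)."""
    return keystream_xor(today_key, wrap_nonce, wrapped)


class ParanoidBox:
    """State machine for the daily-rekey, dead-man-timer box described in the post."""

    def __init__(self, plaintext: bytes, now: int):
        self.day_key = secrets.token_bytes(KEY_LEN)  # day-0 key, handed over out of band
        self.next_key = None                         # issued only when the operator logs in
        self.nonce = secrets.token_bytes(16)
        self.disk = keystream_xor(self.day_key, self.nonce, plaintext)
        self.day_start = now
        self.last_login = now
        self.destroyed = False

    def initial_key(self) -> bytes:
        return self.day_key

    def _destroy(self) -> None:
        # Stands in for "blow the HD": nothing recoverable remains.
        self.disk = None
        self.day_key = None
        self.next_key = None
        self.destroyed = True

    def _advance(self, now: int) -> None:
        """Apply the dead-man timer, then any day boundaries crossed since the last call."""
        if self.destroyed:
            return
        if now - self.last_login > DAY:      # more than 24 h since the last login
            self._destroy()
            return
        while now - self.day_start >= DAY:
            if self.next_key is None:        # nobody logged in yesterday: no key was issued
                self._destroy()
                return
            plain = keystream_xor(self.day_key, self.nonce, self.disk)
            self.nonce = secrets.token_bytes(16)            # never reuse a keystream
            self.day_key, self.next_key = self.next_key, None
            self.disk = keystream_xor(self.day_key, self.nonce, plain)
            self.day_start += DAY

    def login(self, presented_key: bytes, now: int):
        """Return (plaintext, wrap_nonce, wrapped_next_key); raise if the box refuses."""
        self._advance(now)
        if self.destroyed:
            raise RuntimeError("data destroyed")
        if not hmac.compare_digest(presented_key, self.day_key):
            raise PermissionError("wrong key")   # a failed attempt does not reset the timer
        self.last_login = now
        if self.next_key is None:
            self.next_key = secrets.token_bytes(KEY_LEN)   # CSPRNG, as the post requires
        wrap_nonce = secrets.token_bytes(16)
        wrapped = keystream_xor(self.day_key, wrap_nonce, self.next_key)
        return keystream_xor(self.day_key, self.nonce, self.disk), wrap_nonce, wrapped


def attempt(box: ParanoidBox, key: bytes, now: int) -> str:
    """Outcome of a login as a short status, for exercising the state machine."""
    try:
        box.login(key, now)
        return "ok"
    except PermissionError:
        return "wrong-key"
    except RuntimeError:
        return "destroyed"


if __name__ == "__main__":
    box = ParanoidBox(b"constructed sample data", now=0)
    k0 = box.initial_key()
    _, wn, wrapped = box.login(k0, 10)
    k1 = unwrap_next_key(k0, wn, wrapped)
    print("day 1 with day-0 key:", attempt(box, k0, DAY + 5))   # wrong-key
    print("day 1 with issued key:", attempt(box, k1, DAY + 5))  # ok
    print("two days idle:", attempt(box, k1, 3 * DAY))           # destroyed
```

Two properties of the scheme fall out of the simulation: the old key is useless the moment the day rolls over, and a failed login attempt does not extend the dead-man deadline. The toy cipher has no integrity check, so a deployment of anything like this would want an authenticated mode for both the disk and the key-wrap step.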