Multi-part security solutions (Was: Re: Rijndael & Hitachi)

[Tim May]

At 4:57 PM -0700 10/11/00, Meyer Wolfsheim wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>On Wed, 11 Oct 2000, Arnold G. Reinhold wrote:
>
>>  Derek Atkins adds:
>>
>>  >
>>  >Why try to pick a Medeco when it's locking a glass door?  :-)
>>
>>  The fact that some people put Medeco's in glass doors, doesn't mean
>>  Medeco should never develop a better lock.
>
>Sure, Medeco should keep working on developing the best locks that it can
>produce.
>
>However, if you are going to design your structure with a glass door, it
>really makes no technological sense to exceed the security provided by the
>glass door with the other components (locks, hinges, etc.). Put a Medeco
>or an ASSA in a door that can be jimmied or broken down, and you've gained
>nothing that you wouldn't have had with a high quality lock lacking a
>sidebar. Except a warm fuzzy feeling inside: "We have unpickable locks!"

Well, not so. This whole discussion is missing an important 
ontological factor: whether intrusion is detectable.

A Medeco lock on a glass door may seem crazy, but a pickable lock on 
a glass door means those who know how to pick locks--like cops who 
have access to lock guns--can enter at will without any persistent 
evidence of their intrusion.

The application to crypto is that the issue of personal data security 
(black bag jobs on keys, for example) is a separate issue from 
machine to machine security.


--Tim May
-- 
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
"Cyphernomicon"             | black markets, collapse of governments.