[Cryptography] Crypto Standards v.s. Engineering habits - Was: NIST about to weaken SHA3?

Eugen Leitl eugen at leitl.org
Sun Oct 6 03:03:49 PDT 2013


----- Forwarded message from Phillip Hallam-Baker <hallam at gmail.com> -----

Date: Fri, 4 Oct 2013 09:57:39 -0400
From: Phillip Hallam-Baker <hallam at gmail.com>
To: Alan Braggins <alan.braggins at gmail.com>
Cc: "cryptography at metzdowd.com" <cryptography at metzdowd.com>
Subject: Re: [Cryptography] Crypto Standards v.s. Engineering habits - Was: NIST about to weaken SHA3?
Message-ID: <CAMm+LwgXC4QmA+a9MaVzRJZ+ce=R0Uap8Z3qb6ehiii=qTYQCg at mail.gmail.com>

On Thu, Oct 3, 2013 at 5:38 AM, Alan Braggins <alan.braggins at gmail.com> wrote:

> On 02/10/13 18:42, Arnold Reinhold wrote:
>
>> On 1 Oct 2013 23:48 Jerry Leichter wrote:
>>
>>> The larger the construction project, the tighter the limits on this
>>> stuff.  I used to work with a former structural engineer, and he repeated
>>> some of the "bad example" stories they are taught.  A famous case a number
>>> of years back involved a hotel in, I believe, Kansas City.  The hotel had a
>>> large, open atrium, with two levels of concrete "skyways" for walking
>>> above.  The "skyways" were hung from the roof.  As the structural engineer
>>> specified their attachment, a long threaded steel rod ran from the roof,
>>> through one skyway - with the skyway held on by a nut - and then down to
>>> the second skyway, also held on by a nut.  The builder, realizing that he
>>> would have to thread the nut for the upper skyway up many feet of rod, made
>>> a "minor" change:  He instead used two threaded rods, one from roof to
>>> upper skyway, one from upper skyway to lower skyway.  It's all the same,
>>> right?  Well, no:  In the original design, the upper nut holds the weight
>>> of just the upper skyway.  In the modified version, it holds the weight of
>>> *both* skyways.  The upper
>>> fastening failed, the structure collapsed, and as I recall several people
>>> on the skyways at the time were killed.  So ... not even a factor of two
>>> safety margin there.  (The take-away from the story as delivered to future
>>> structural engineers was *not* that there wasn't a large enough safety
>>> margin - the calculations were accurate and well within the margins used in
>>> building such structures.  The issue was that no one checked that the
>>> structure was actually built as designed.)
>>>
>>
>> This would be the 1981 Kansas City Hyatt Regency walkway collapse (
>> http://en.wikipedia.org/wiki/Hyatt_Regency_walkway_collapse)
>>
>
> Which says of the original design: "Investigators determined eventually
> that this design supported only 60 percent of the minimum load required by
> Kansas City building codes.[19]", though the reference seems to be a dead
> link. (And as built it supported 30% of the required minimum.)
>
> So even if it had been built as designed, the safety margin would not
> have been "well within the margins used in building such structures".


The case is described in Why Buildings Fall Down.

The original design was sound structurally but could not be built as it
would have required the entire length of the connection rod to be threaded.
There was no way to connect one structure to the other.

The modified design could be built but had a subtle flaw: the upper skyway
was now holding the entire weight of both. The strength of the joint was
unaffected by the change but the load on the joint doubled.


We see very similar effects in cryptographic systems. But the main problem
is that our analysis apparatus focuses on the part of the problem we know
how to analyze rather than the part of the problem that fails most often.

Compare the treatment of coding errors in cryptographic software and the
treatment of CA mis-issue. Coding errors are much more likely to impact the
end user and much more likely to occur. But those get a free pass. Nobody
has ever suggested that the bugs in Sendmail in the early 1990s should have
stopped people using the product (OK apart from me). But seven mis-issued
certificates and there is a pitchfork wielding mob outside my house.

The fact that the Iranian Revolutionary Guard has a web site filled with
hijacked software that is larded up with backdoors completely missed the
attention of most of the people worrying about the seven certificates, all
of which were revoked within minutes and would be rejected by any browser
that implemented revocation checking like they should. But much easier to
flame on about the evils of CAs than ask why the browser providers prefer
shaving a few milliseconds off the latency of their browser response than
making their customers secure.


Oh and it seems that someone has murdered the head of the IRG cyber effort.
I condemn it without qualification. There are many people who have a vested
interest in keeping wars and confrontations going. There are many beltway
contractors who stand to make a lot of money if they can persuade the US
people to fund a fourth branch of the military to fight cyber wars and fund
it as lavishly as they have foolishly funded the existing three.

A trillion dollars a year spent on bombs bullets and death is no cause for
pride. Nobody should ever carry a gun or wear a military uniform with
anything other than shame for the fact that our inability to solve our
political issues without threat of violence makes it necessary. We do not
need to spend hundreds of billions more on a new form of warfare. But there
are many who would get a lot richer if we did.

As Eisenhower observed, spending too much on the military makes the country
less safe. If politicians believe their war machine is invincible, some
stupid fool is going to use it just because they can. Just like the last
President did. At the end of the cold war when the Soviet Union was on its
knees, so was Margaret Thatcher, begging Gorbachev to send the tanks into
East Berlin and stop the collapse of the enemy that her world was built in
opposition to. And Thatcher claimed to be speaking for the other Western
leaders as well. I have the transcript of the meeting if anyone is
interested.


While most of the information on the Comodo attack is in the public domain
there is some that was withheld. The reason was not to protect Comodo but
to protect the attacker in the unlikely event that they were actually
telling the truth and they were acting outside government direction. The
chance is very small but if they were acting on their own initiative and
had diverted the entire Iranian Internet they would risk a long prison
sentence, possibly a capital sentence if they were caught. I am not going
to provide the Iranian authorities with information that could assist them
in that even if the guy had attacked us.


One of the more ridiculous spectacles resulting from PRISM is the parade of
establishment worthies telling us that we don't need to be worried about
the government intercepts and we should not worry our silly heads about
matters that are too complex to understand. Well I knew quite a few members
of the British cabinet when they were up at Oxford, I have known
politicians all my life, my cousin was a cabinet member, I have met world
leaders and acknowledged leading foreign policy experts. That experience
gives me absolutely no confidence in the establishment worthies.

-- 
Website: http://hallambaker.com/

_______________________________________________
The cryptography mailing list
cryptography at metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography


----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5