Distributed Security
A reader writes: ""Where Schneier had sought one overarching technical fix, hard experience had taught him the quest was illusory." A long and detailed article at The Atlantic Online on why Bruce Schneier has come down from his strong cryptography tower to preach the gospel of small scale, ductile security against the popular approach of broad scale, often high tech security that often proves to be very brittle."
Take a look at Ross Anderson's home page, read a few of his classics like "Why Cryptosystems Fail", "Programming Satan's Computer" and "The Cocaine Auction Protocol".
Ross' book "Security Engineering - A Guide to Building Dependable Distributed Systems" should be mandatory reading for anyone who writes code for networked computers - no matter what kind of computers.
I feel that one of the biggest threats to Internet security today is the inability to learn from history. That is, after all, at the core of the engineering arts and sciences.
What Schneier actually advocates in the article is the use of at least two of these three layers for doing user authentication: something you know (e.g. a password), something you have (e.g. a smart card or other secure token), and something you are (biometrics falls into this rubric). Depending on only one is necessarily weak, but even two of the three taken together would be strong indeed. For instance, a website that not only uses username/password pairs for authentication, but lives on SSL *and* requests client-side certificates from any browser that wishes to visit the protected page, uses both something you know (your username and password) and something you have (the computer where the browser with the client-side certificate is installed, or better yet if the cert lives on a smart card). THAT would make Schneier's Parable of the Dirty Website fail utterly without extra work: without the client-side cert, the web page wouldn't even serve the username/password page to you. Fine, the password is compromised because the employee used the same password to surf for porn, but since access to the certificate is limited to the computer where it's installed, or the smart card possessed by the employee, no dice unless you can also steal the smart card and/or computer. Even better would be to provide biometric authentication for the secured computer, so you'd then have to steal the fingerprint or retinal scan or whatnot as well to break the system.
It can be done of course, but it would require contortions worthy of Sneakers.
The whole article actually feels like a distillation of the last six months of the Crypto-Gram newsletter.
Give me six lines written by the hand of the most honest man, and I will find in them something to hang him.
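The setup described in the comment above, sketched as an nginx configuration (an added example, not part of the thread; hostnames, file paths and the upstream address are placeholders). The first server block is password-only; the second also demands a certificate issued by a company CA before the password prompt is ever served.

```nginx
# Added example; every hostname, path and upstream below is a placeholder.

# Before: one factor. A password reused on another site is enough to log in.
server {
    listen 443 ssl;
    server_name before.example.test;

    ssl_certificate     /etc/nginx/tls/server.crt;
    ssl_certificate_key /etc/nginx/tls/server.key;

    location / {
        auth_basic           "Staff only";          # something you know
        auth_basic_user_file /etc/nginx/htpasswd;
        proxy_pass           http://127.0.0.1:8080;
    }
}

# After: two factors. The client certificate is checked first, then the password.
server {
    listen 443 ssl;
    server_name after.example.test;

    ssl_certificate     /etc/nginx/tls/server.crt;
    ssl_certificate_key /etc/nginx/tls/server.key;

    # Something you have: a certificate issued by the company's own CA,
    # installed on the employee's machine or held on a smart card.
    ssl_client_certificate /etc/nginx/tls/staff-ca.crt;
    ssl_verify_client      on;   # no valid client cert: nginx answers 400, no location is served
    ssl_verify_depth       1;    # accept only certs issued directly by the staff CA
    ssl_crl                /etc/nginx/tls/staff-ca.crl;  # revoke lost laptops and smart cards

    location / {
        auth_basic           "Staff only";          # something you know
        auth_basic_user_file /etc/nginx/htpasswd;

        # Overwrite any client-supplied header so the backend can trust
        # the certificate subject it logs next to the username.
        proxy_set_header X-Client-DN $ssl_client_s_dn;
        proxy_pass       http://127.0.0.1:8080;
    }
}
```

The revocation list is what keeps "something you have" meaningful after a device is lost: without it, a stolen certificate stays valid until it expires.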
Schneier et al. just released a paper about a PGP/GPG vulnerability. This vulnerability relies on the PGP user not being paranoid, and doing something that's not too smart.
So, once again, you're only as secure as the weakest link, which is often the user...
/Styx