Slashdot Mirror


Decrypting the Secret to Strong Security

farrellj writes "Cnet has an excellent article by Whitfield Diffie, who has probably forgotten more about crypto than 99.9% of us will ever know, explaining why secrecy does not equal security. The article also addresses the whole 'open source vs proprietary software' security issue. A definite *must read* for anyone concerned about security...and that should be everyone!"

7 of 261 comments

  1. FP! ...anyway... by MmmmAqua · Score: 4, Informative

    Whitfield Diffie, who has probably forgotten more about crypto than 99.9% of us will ever know, explains why secrecy does not equal security.

    For an excellent treatment of this important point, that secrecy != security, read Bruce Schneier's "Secrets and Lies: Digital Security in a Networked World".
    It's the best book on the topic available.

    --
    Arr! The laws of physics be a harsh mistress!
  2. Re:Then again... by Anonymous Coward · Score: 3, Informative

    You missed the point...

    Everybody can know the RSA algorithm; it's no secret. If everybody knows the code, then the "good guys" and the "bad guys" can look at it. So, if in all these years nobody from the "good guys" has found a flaw in it, it means that it is almost surely safe.

    Now imagine a crypto algorithm that is kept secret. There are fewer eyes looking at it. The "good guys" don't waste much time reverse-engineering it, but the "bad guys" do. So the probability of a "bad guy" finding a flaw before the "good guys" is much bigger.

    The secret is in the key, not the algorithm. Keys are easily changed; algorithms are not.

  3. "forgotten more about crypto than 99.9%" ? by YahoKa · Score: 3, Informative

    Haha ... cute :)
    For those of you who don't know, he's the co-inventor of public-key cryptography. Bow to him, because we're not worthy!

  4. Re:Then again... by R.Caley · Score: 5, Informative
    If you're going to use asymmetric crypto for legal purposes, to sign stuff, for instance, then the secret cannot be easily changed (unless there's some sort of central repository of keys that actually authenticates you properly when you ask to change your key, but even that is a bit dodgy).

    I don't think it's quite that bad. Imagine you are maintaining a repository of signed documents (eg security patches for an OS). You sign these with a private key and make sure the public key is widely advertised, so people can check that your documents have not been compromised.

    Now, assume your private key is compromised. This is bad but not the end of civilisation as we know it. You can make sure the world knows not to trust that key, at which point it is as if your repository had never existed, and you are starting from scratch. You would need to get your documents back from a trusted archive (you did take backups, didn't you? :-)), and sign them with a new key pair. You are back in business as soon as the new public key has been received and verified by enough trustworthy people.

    So, loss of the secret is a big pain in the arse, but not disastrous. Just how painful it is depends on how well you have planned, eg having that trusted archive, having channels to quickly disavow your compromised key, and the network of widely trusted people who know how to check that your new key really came from you.

    In a legally signed document scenario, you might arrange for an electronic notary to annotate your document with the date you signed it and then sign the annotated document. Then people could tell whether the document was signed before your key was compromised, and a fraudster would need to get at both your secret and that of the notary.

    --
    _O_
    .|<
    The named which can be named is not the true named
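An added worked example of the notary arrangement R.Caley describes above (my illustration, not part of the comment and not any real notary protocol): a publisher signs a document, a notary signs the document hash together with the publisher's signature and a timestamp, and a verifier accepts the document only if the notary's stamp predates the time the publisher's key was disavowed. To run with nothing but the standard library it uses a deliberately tiny textbook-RSA toy built on Mersenne primes; the key sizes, the unpadded hash-and-sign construction, the integer "timestamps" and the revocation time of 500 are all constructed assumptions, and the names `notarize` and `check_document` are mine.

```python
import hashlib

# Toy textbook RSA over two Mersenne primes per key. Constructed for
# illustration only: real deployments use 2048-bit-plus keys and a padded
# signature scheme, not raw hash-and-exponentiate.
E = 65537


def make_key(p: int, q: int) -> dict:
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": E, "d": pow(E, -1, phi)}   # Python 3.8+ modular inverse


def public_part(key: dict) -> dict:
    return {"n": key["n"], "e": key["e"]}


def digest_int(data: bytes) -> int:
    # SHA-256 truncated to 64 bits so it is always below the smallest toy modulus.
    return int.from_bytes(hashlib.sha256(data).digest()[:8], "big")


def sign(key: dict, data: bytes) -> int:
    return pow(digest_int(data), key["d"], key["n"])


def verify(pub: dict, data: bytes, sig: int) -> bool:
    return pow(sig, pub["e"], pub["n"]) == digest_int(data)


def key_id(pub: dict) -> str:
    return hashlib.sha256(f"{pub['n']}:{pub['e']}".encode()).hexdigest()[:16]


def token_bytes(doc: bytes, sig: int, signer: str, stamped_at: int) -> bytes:
    """Canonical encoding of exactly what the notary vouches for."""
    return f"{hashlib.sha256(doc).hexdigest()}|{sig}|{signer}|{stamped_at}".encode()


def notarize(notary_key: dict, doc: bytes, sig: int, signer_pub: dict, now: int) -> dict:
    """The notary binds (document, signature, signer) to the time it saw them."""
    signer = key_id(signer_pub)
    return {
        "signer": signer,
        "sig": sig,
        "stamped_at": now,
        "notary_sig": sign(notary_key, token_bytes(doc, sig, signer, now)),
    }


def check_document(doc: bytes, token: dict, signer_pub: dict, notary_pub: dict,
                   revoked_at) -> bool:
    """Accept only if the signature verifies AND the notary vouches that it
    existed before the signer's key was disavowed (revoked_at=None: never)."""
    if token["signer"] != key_id(signer_pub):
        return False
    if not verify(signer_pub, doc, token["sig"]):
        return False
    body = token_bytes(doc, token["sig"], token["signer"], token["stamped_at"])
    if not verify(notary_pub, body, token["notary_sig"]):
        return False
    return revoked_at is None or token["stamped_at"] < revoked_at


# Constructed scenario: the publisher's key is disavowed at "time" 500.
PUBLISHER = make_key(2**61 - 1, 2**31 - 1)
NOTARY = make_key(2**89 - 1, 2**107 - 1)
REVOKED_AT = 500


def scenario() -> dict:
    pub, npub = public_part(PUBLISHER), public_part(NOTARY)
    doc = b"security patch 1.0.1, signed while the key was still trusted"
    good = notarize(NOTARY, doc, sign(PUBLISHER, doc), pub, now=100)

    # A document signed with the same key after it was compromised: the notary
    # stamps the real time, and altering that stamp breaks the notary's signature.
    late_doc = b"document signed with the compromised key"
    late = notarize(NOTARY, late_doc, sign(PUBLISHER, late_doc), pub, now=700)
    backdated = dict(late, stamped_at=100)

    return {
        "signed_before_revocation": check_document(doc, good, pub, npub, REVOKED_AT),
        "signed_after_revocation": check_document(late_doc, late, pub, npub, REVOKED_AT),
        "backdated_stamp": check_document(late_doc, backdated, pub, npub, REVOKED_AT),
        "raw_signature_alone": verify(pub, late_doc, late["sig"]),
    }


if __name__ == "__main__":
    for name, ok in scenario().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

Running it shows the three outcomes the comment is about: the document notarized before revocation is accepted, the one stamped after it is rejected even though its raw signature still verifies (`raw_signature_alone` is true), and changing the stamp on a token invalidates the notary's signature. Without the notary, a verifier holding only the publisher's public key cannot tell the two documents apart.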
  5. Re:FP! ...anyway... by ssimpson · Score: 3, Informative

    It's the best book on the topic available.

    Actually, I beg to differ. Security Engineering by Dr Ross Anderson is IMHO a far more rigorous treatment of this subject. Details are here. It's even just as easy to read as Schneier's book... Of course, Bruce is far better at self-marketing.

    I am looking forward to getting Schneier's new Practical Cryptography book, though (here).

    --
    "Mary had a crypto key, she kept it in escrow, and everything that Mary said, the Feds were sure to know."
  6. Re:'Advocates of proprietary software' by schon · Score: 3, Informative

    I haven't seen anyone (save a few Slashdot trolls) seriously argue that binary-only software is inherently more secure, either in theory or in practice.

    Then you must not get out much.

    Alexis de Tocqueville Institution published a white paper (funded by Microsoft) that argues this very point. Do you consider them "slashdot trolls"?

    How about Steve Lipner, manager of Microsoft's security response center? Is he a troll too?

    Hmm, ZDNet has another (unnamed this time) source from MS, who claims that too. You're saying that MS's spokespeople troll /.?

    I've also seen company websites (SoftArc comes immediately to mind) that stated (in effect) "we don't release source code because it's more secure that way" - sorry, no link for this one, as they've changed their site... but there is a choice quote on their security page, where they explain that their products are more secure because "connections employ entirely proprietary protocols".

    The thing is that this FUD is spewed about by people who don't know what they're talking about, and believed by others who haven't thought about it too much. "Security through obscurity" makes an intuitive kind of common sense, unless you think about it for a while, or are exposed to the flaws (which aren't as intuitive). It's the same kind of sense that got the DMCA passed.

    Mr. Diffie isn't writing for the security community, but for the people outside the security community, who might be led to believe that obscurity does provide security.

  7. Re:Then again... by rsdio · Score: 3, Informative
    Actually, Diffie's greatest invention in the field of public-key cryptography -- the Diffie-Hellman key exchange -- does not require secrets to be kept for long periods of time, which is one of the coolest things about the algorithm.

    Diffie-Hellman key exchange relies on two secrets between the two people who are communicating (or three for three people, and so on), and these secrets are nothing but large, random integers. Since these integers don't have to have any specific properties (such as the key pairs in RSA), they can be thrown away at the end of the session, changed every hour, and so on. In the context of cryptographic algorithms, Diffie's statement is backed up by his inventions.

    See: http://www.apocalypse.org/pub/u/seven/diffie.html
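An added example of the exchange rsdio describes (mine, not from the comment or the linked page), in Python with only the standard library: each side's only secret is a fresh random exponent, the only values that travel are the two public values, and each side discards its exponent the moment the session key is derived. The group is the 1024-bit MODP group from RFC 2409 with generator 2; rather than trusting my transcription of the modulus, the block re-checks that it is a safe prime. The `Party` class, the SHA-256 key derivation and the transcript list are constructions for illustration; a real protocol would use a 2048-bit-or-larger group or an elliptic-curve group, and would authenticate the public values, which plain Diffie-Hellman does not.

```python
import hashlib
import secrets

# Group parameters: the 1024-bit MODP group of RFC 2409 ("Second Oakley
# Group") with generator 2. p is a safe prime (p = 2q + 1, q prime); the
# block re-verifies that below rather than trusting the transcription.
P = int("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 FFFFFFFF FFFFFFFF
""".replace(" ", "").replace("\n", ""), 16)
G = 2
Q = (P - 1) // 2          # order of the subgroup generated by G


def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin test; used here only to sanity-check the group."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)          # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def is_safe_prime(p: int) -> bool:
    return is_probable_prime(p) and is_probable_prime((p - 1) // 2)


class Party:
    """One endpoint. Its only secret is a fresh random exponent that is
    discarded as soon as the session key has been derived."""

    def __init__(self) -> None:
        self._x = 2 + secrets.randbelow(Q - 2)    # ephemeral secret in [2, q-1]
        self.public = pow(G, self._x, P)          # the one value sent on the wire

    def derive_key(self, peer_public: int) -> bytes:
        # Reject values outside the group or outside the order-q subgroup:
        # a peer sending 1 or p-1 would force a predictable shared secret.
        if not 2 <= peer_public <= P - 2 or pow(peer_public, Q, P) != 1:
            raise ValueError("invalid peer public value")
        shared = pow(peer_public, self._x, P)
        self._x = None                            # nothing long-lived left to protect
        return hashlib.sha256(shared.to_bytes(128, "big")).digest()

    def secret_discarded(self) -> bool:
        return self._x is None


def run_exchange():
    """Two-party exchange. Returns both derived keys, everything an
    eavesdropper could see, and whether both secrets were discarded."""
    alice, bob = Party(), Party()
    transcript = [("alice->bob", alice.public), ("bob->alice", bob.public)]
    key_a = alice.derive_key(bob.public)
    key_b = bob.derive_key(alice.public)
    both_discarded = alice.secret_discarded() and bob.secret_discarded()
    return key_a, key_b, transcript, both_discarded


if __name__ == "__main__":
    assert is_safe_prime(P)
    ka, kb, wire, gone = run_exchange()
    print("keys match:", ka == kb, "| secrets discarded:", gone)
    print("on the wire:", [(who, hex(v)[:18] + "...") for who, v in wire])
```

Run it twice and the session keys differ, because the secrets are fresh each time and nothing from the previous run survives. `derive_key` refuses 0, 1, p-1 and anything outside the order-q subgroup before using its own exponent, which is the check a defender wants on any received public value.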