Slashdot Mirror


The Crypto Gardening Guide and Planting Tips

ncostigan writes "Peter Gutmann of cryptlib fame has written a very readable paper on real-world constraints for cryptographers, and points out problems that their designs will run into when attempts are made to deploy them. Also included is a motivational list of extremely uncool problems that implementors have been building ad-hoc solutions for since no formal ones exist."

2 of 91 comments

  1. Re:The Real Question by plcurechax · · Score: 3, Insightful
    What I'd advocate, and I'm sure that privacy nuts and other security wonks would hate, would be government-issued smart cards that contain a user's private key.

    Security wonks hate it because it is insecure. It links the security of everything you authenticate to, from your parking permit, or restaurant reservation, to your root password to the corporate servers you maintain, to your personal financial details. So if the bus boy at the restaurant gets your details, clones them onto a forged card, and saves a "snapshot" of your biometric details, that bus boy can get your SSN, credit report, and likely get credit cards in your name as well as commit government-mandated identity theft.

    That sounds like a stupid idea. Bypassing the Chinese Wall of everyday life is a dumb idea. A single id card is as stupid as Microsoft's universal id system formally known as Passport.

    ... key management systems are either proprietary or too complex for ordinary users, or just involve too many steps ...

    You are right, it is too complex, hard to use, and security engineers need to work on building better systems, and customers need to demand and pay for better systems.

    Or you'll have an Oracle/Microsoft/US Government national id card secured by MS Windows, and Oracle's nearly unbreakable database.

  2. Re:The Real Question by angst_ridden_hipster · · Score: 3, Insightful

    Three cards for police choppers in the sky
    Seven for politicians in their halls of stone
    Nine for Justices doomed to lie
    One for the President on his dark throne
    In the Land of DC where the lobbyists vie.
    One card to rule them all, one card to find them,
    one card to track IP, and in a lawsuit bind them...

    --
    Eloi, Eloi, lema sabachtani?
    www.fogbound.net