(My apologies to Craig and anyone who lost the thread because I
screwed up setting the subject line in my last post.)
Vin McLellan wrote:
>| The "published crypto" issue is a religious debate -- and I'm on
Adam Shostack <adam @
> No, it's not. The only people who don't publish widely are
>governments, and they have internal review systems
Isn't the classical definition of a religious debate one in which
at least one side is utterly certain the other side has no valid right to
I'm probably not the best person to defend this POV, but -- just to
play devil's advocate -- let me suggest that you and most of the folk on
this List move in rarefied circles. There are other types of crypto apps
than those which are seen at the firewall.
Historically, and even today, many vendors and their buyers
(particularly of high-value, limited-market, software products) prefer to
see the odds tilted so any new weakness in a crypto scheme which secures a
security product will likely be uncovered by a security professional...
rather than some Danish hotshot hacker who might use it, publish, or just
quietly circulate an exploit.
Discovery by a pro will hopefully result in, at least, an upgrade.
Discovery by a hacker could place installed-products (or the assets they
protect) at risk without warning. (Yup, I too could argue that exploit
lists like Bug Traq became important just because of apparent vendor
reticence to deliver a fix for a reported problem without pressure from its
customer base. No model fits all.)
If a new crypto protocol is published and widely studied before it
is delivered or installed in the field, that's great.
The vexing issues come up most often for smaller vendors (today,
many of them non-American,) which are not assured an intensive and
expeditious review of their crypto just by publication. They often prefer
to hire talented guys like yourself under NDAs, for initial and often
annual reviews of the security of their non-standard cryptography.
I would guess that this sort of review has traditionally been a --
if not "the" -- primary income stream for many top independent crypto
>| again, that this "cryptographic community" you cite as an authority is a
>| very new development. A vendor may have other obligations (to customers; to
> The fact that it's new does not prevent it from learning from
>its mistakes. To quote Robert Morris, Sr., "Never underestimate the
>effort your opponent will put into cryptanalysis." Assuming that an
>algorithm is private is demonstrably head-in-the-sand behavior.
Bob Morris is always worth quoting.
>| shareholders; to its host government) that bar total and immediate
>| compliance with the autocratic dictums of the Cypherpunks mailing list. (AP
>| not withstanding.)
> The published-only crypto predates cypherpunks by at least a
>decade. The lack of design criteria for DES was one of the arguments
>against its adoption in the mid '70s.
>| We also desperately need a *reality check* on the market for this
>| discussion! One gauge: Ninety-plus percent of the ACE/SecurID installations
>| today -- largely in Fortune 1000 firms -- still protect dial-in, remote
>| access to communication servers. Telephone lines, not WANs! Absolute
> Telephone lines are just as sniffable as internet lines. No
>crypto, no protection. (There are interesting race attacks which
>become possible when the same Ace/Server handles phone and net
>connections. The lack of a challenge makes this so. See Peiterz's
>paper for details. It's on secnet.com.)
I _could_ bug your keyboard, your phone, your car, your bedframe,
every can of Coke in your refrigerator, and the PBXs at your three top
clients! The potential threats are infinitely variable, but the solutions
must be selected and budgeted according to what is appropriate to the
projected risk environment. (I'll get back to you on that Bell/Ip race
issue. I have to dig up Peiter's paper and re-read it.)
The point is self-evident: all security is relative. I presume
your clients pay you to advise them on what is appropriate, not on what max
level of security is feasible. Wiretapping a telephone line is not
difficult -- but many firms (correctly, in my judgement) have determined
that it is a different dimension of threat; one which will require a
focused and overtly criminal campaign of attack... as opposed to, say, a
hacker's "blind" TCP sequence-number attack upon an online server. J.
Random Hacker is unlikely to just wander by, climb a pole, and try out his
new pre-packaged attack code, which is all too likely to happen on a
Network-connected host. Any strong authentication mechanism will block the
Of course, where a wiretap threat is likely, or the assets at risk
are of sufficient value to justify it, crypto security should be used on
phone lines and often is. (In the petroleum industry, for instance.) Leased
lines are also often a high-value target. Many firms, however, seem to
have decided that road-warrior access to an isolated mail server is not
likely to attract this sort of attack, but nonetheless they want strong
authentication to protect the initial connection to the company comm
servers, and to block sniff & replay.
(I even know some companies which use SecurIDs to authenticate
voice calls to their voice-mail systems and/or to access private
long-distance lines; apps where time-synch tokens are vastly superior to
your challenge/response tokens;-)
No one is more delighted than I to see cheap, strong, and easy
cryptographic security becoming accessible to all -- but common sense tells
us that, for a given app, what we invest to secure online communications
should not greatly exceed the level of physical and/or procedural security
we place upon that same class of information at the end points... in the
real world. I think we need strong crypto everywhere, but until that is
politically and economically feasible, asset protection folk have to make
"Cryptography is like literacy in the Dark Ages. Infinitely potent, for
good and ill... yet basically an intellectual construct, an idea, which by
its nature will resist efforts to restrict it to bureaucrats and others who
deem only themselves worthy of such Privilege."
_ A thinking man's Creed for Crypto/ vbm.
* Vin McLellan + The Privacy Guild + <vin @
53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548