On 3/7/2015 9:11 PM, coderman wrote:
On 3/7/15, Dave Horsfall <d...@horsfall.org> wrote:
On Sat, 7 Mar 2015, Kevin wrote:

No 1 vulnerability of crypto is the user
2nd passphrases
3rd overconfidence
4th trust in the producer
5th believing backdoors are No. 1

I don't agree that the user should be first on that list unless you are
talking about poor implementation.

How would you arrange them, then?  I seem to recall that Enigma was broken
largely due to sloppy user practices e.g. weak message key, re-use of
keys, repeating same message with a weaker scheme, etc.  Used properly,
Enigma would've been unbreakable at the time.

1. failed software and security engineering. [#'s 1, 2, 4 above all
reduce to this error.]
2. overconfidence [believing backdoors or nation state attacks are
your weakness is overconfidence in the rest of your threat model]
3. complacency [if everything else is in place, letting habit slide to
convenience, then to compromise, will result in sorrow.]

some would say that truly strong, usable crypto systems with integrity
for the common public are impossible. i would retort that just because
we don't know how to build them yet, does not mean they won't exist in
the future. :P


best regards,
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
Such systems may already be around. This of course raises the debate surrounding unbreakable codes.

