[13919] in cryptography@c2.net mail archive
Re: Crypto Hygiene?
daemon@ATHENA.MIT.EDU (Steve Schear)
Fri Aug 22 11:14:05 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Thu, 21 Aug 2003 23:04:10 -0700
To: dmolnar <dmolnar@hcs.harvard.edu>, cryptography@metzdowd.com
From: Steve Schear <s.schear@comcast.net>
In-Reply-To: <Pine.OSF.4.53.0308111641001.17130@hcs.harvard.edu>
At 04:45 PM 8/11/2003 -0400, dmolnar wrote:
>(also posted to sci.crypt in modified form)
>
>At Usenix Security, Eric Rescorla pointed out that some of the
>cryptographic flaws we have seen can be prevented by applying good
>"crypto hygiene." My questions for the floor --
>
> * What is "good hygiene" ?
> * Where would I find it written down?
> * How do we develop good hygiene?
The problems implementing reliable crypto seem to parallel the problems
which plagued early digital logic design. Although digital logic operates
as if only zeros and ones exist, in fact the physics underlying the circuit
components is analog. Until technologists developed SSI, MSI and later LSI
circuits, which pretty effectively "walled off" the analog world, engineers
were forever chasing analog demons in their digital designs. Now these
problems generally appear only when circuits or their environment (e.g.,
speed, temperature and voltage) exceed design parameters.
Mark Miller's approach using "E" may be one approach for applying the
"walling off" practiced in digital design for security.
steve
"...for every complex problem, there is a solution that is simple, neat,
and wrong."
-- H.L. Mencken
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
