[7958] in cryptography@c2.net mail archive
Re: Multi-part security solutions (Was: Re: Rijndael & Hitachi)
daemon@ATHENA.MIT.EDU (Tim May)
Wed Oct 11 23:42:10 2000
Mime-Version: 1.0
Message-Id: <a04310100b60abf6bce0a@[207.111.241.156]>
In-Reply-To: <200010120009.UAA13407@Prometheus.schaefer.nu>
Date: Wed, 11 Oct 2000 18:11:48 -0700
To: Meyer Wolfsheim <wolf@priori.net>, cryptography@c2.net,
cypherpunks@cyberpass.net
From: Tim May <tcmay@got.net>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
At 4:57 PM -0700 10/11/00, Meyer Wolfsheim wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>On Wed, 11 Oct 2000, Arnold G. Reinhold wrote:
>
>> Derek Atkins adds:
>>
>> >
>> >Why try to pick a Medeco when it's locking a glass door? :-)
>>
>> The fact that some people put Medeco's in glass doors, doesn't mean
>> Medeco should never develop a better lock.
>
>Sure, Medeco should keep working on developing the best locks that it can
>produce.
>
>However, if you are going to design your structure with a glass door, it
>really makes no technological sense to exceed the security provided by the
>glass door with the other components (locks, hinges, etc.). Put a Medeco
>or an ASSA in a door that can be jimmied or broken down, and you've gained
>nothing that you wouldn't have had with a high quality lock lacking a
>sidebar. Except a warm fuzzy feeling inside: "We have unpickable locks!"
Well, not so. This whole discussion is missing an important
ontological factor: whether intrusion is detectable.
A Medeco lock on a glass door may seem crazy, but a pickable lock on
a glass door means those who know how to pick locks--like cops who
have access to lock guns--can enter at will without any persistent
evidence of their intrusion.
The application to crypto is that the issue of personal data security
(black bag jobs on keys, for example) is a separate issue from
machine to machine security.
--Tim May
--
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
"Cyphernomicon" | black markets, collapse of governments.
