[1007] in WWW Security List Archive
Why Cryptosystems Fail ftp site
daemon@ATHENA.MIT.EDU (Adam Shostack)
Wed Oct 11 18:35:17 1995
From: Adam Shostack <adam@bwh.harvard.edu>
To: adam@bwh.harvard.edu (Adam Shostack)
Date: Wed, 11 Oct 1995 12:03:34 -0400 (EDT)
Cc: bsy@microsoft.com, www-security@ns2.rutgers.edu
In-Reply-To: <199510101636.MAA11844@leonardo.bwh.harvard.edu> from "Adam Shostack" at Oct 10, 95 12:36:04 pm
Errors-To: owner-www-security@ns2.rutgers.edu
| are most likely to read, ie, the specifications. As Ross Anderson
| points out in his 'Why Cryptosystems Fail' paper, the assumption by
| cryptographers that the programmers will know how to write security
Quite a few people have asked me where to find this paper:
ftp://ftp.cl.cam.ac.uk/users/rja14/wcf.ps.Z
Also well worth reading is his 'Robustness Principles for
Public Key Protocols' presented at Crypto '95.
ftp://ftp.cl.cam.ac.uk/users/rja14/robustness.ps.Z
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
