On Oct 1, 2013, at 12:27 PM, Dirk-Willem van Gulik wrote:
>> It's clear what "10x stronger than needed" means for a support beam:  We're 
>> pretty good at modeling the forces on a beam and we know how strong beams of 
>> given sizes are.  
> Actually - do we ? I picked this example as it is one of those where this 'we 
> know' falls apart on closer examination. Wood varies a lot; and our ratings 
> are very rough. We drill holes through it; use hugely varying ways to 
> glue/weld/etc. And we liberally apply safety factors everywhere; and a lot of 
> 'otherwise it does not feel right' throughout. And in all fairness - while 
> you can get a bunch of engineers to agree that 'it is strong enough' - they'd 
> argue endlessly and have 'it depends' sort of answers when you ask them "how 
> strong is it 'really'" ?
[Getting away from crypto, but ... ]  Having recently had significant work done 
on my house, I've seen this kind of thing close up.

There are three levels of construction.  If you're putting together a small 
garden shed, "it looks right" is generally enough - at least if it's someone 
with sufficient experience.  If you're talking non-load-bearing walls, or even 
some that bear fairly small loads, you follow standards - use 2x4's, space them 
36" apart, use doubled 2x4's over openings like windows and doors, don't cut 
holes larger than some limit - and you'll be fine (based on what I saw, you 
could cut a hole large enough for a water supply, but not for a water drain 
pipe).  Methods of attachment are also specified.  These standards - enforced 
by building codes - are deliberately chosen with large safety margins so that 
you don't need to do any detailed calculations.  They are inherently safe over 
some broad range of sizes of a constructed object.

Beyond that, you get into the realm of computation.  I needed a long open span, 
which was accomplished with an LV beam (engineered wood - LV is Layered 
Veneer).  The beam was supporting a good piece of the house's roof, so the 
actual forces needed to be calculated.  LV beams come in multiple sizes, and 
the strengths are well characterized.  In this case, we would not have wanted 
the architect/structural engineer to just build in a larger margin of safety:  
There was limited space in the attic to get this into place, and if we chose 
too large an LV beam "just for good measure", it wouldn't fit.  Alternatively, 
we could have added a vertical support beam "just to be sure" - but it would 
have disrupted the kitchen.  (A larger LV beam would also have cost more money, 
though with only one beam, the percentage it would have added to the total cost 
would have been small.  On a larger project - or, if we'd had to go with a 
steel beam if no LV beam of appropriate size and strength existed - the cost 
increase could have been significant.)

The larger the construction project, the tighter the limits on this stuff.  I 
used to work with a former structural engineer, and he repeated some of the 
"bad example" stories they are taught.  A famous case a number of years back 
involved a hotel in, I believe, Kansas City.  The hotel had a large, open 
atrium, with two levels of concrete "skyways" for walking above.  The "skyways" 
were hung from the roof.  As the structural engineer specified their 
attachment, a long threaded steel rod ran from the roof, through one skyway - 
with the skyway held on by a nut - and then down to the second skyway, also 
held on by a nut.  The builder, realizing that he would have to thread the nut 
for the upper skyway up many feet of rod, made a "minor" change:  He instead 
used two threaded rods, one from roof to upper skyway, one from upper skyway to 
lower skyway.  It's all the same, right?  Well, no:  In the original design, 
the upper nut holds the weight of just the upper skyway.  In the modified 
version, it holds the weight of *both* skyways.  The upper fastening 
failed, the structure collapsed, and as I recall several people on the skyways 
at the time were killed.  So ... not even a factor of two safety margin there.  
(The take-away from the story as delivered to future structural engineers was 
*not* that there wasn't a large enough safety margin - the calculations were 
accurate and well within the margins used in building such structures.  The 
issue was that no one checked that the structure was actually built as 
designed.)

I'll leave it to others to decide whether, and how, these lessons apply to 
crypto design.
                                                        -- Jerry

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography