On 6/04/12 10:57 AM, Steven Bellovin wrote:
> On Apr 5, 2012, at 5:51 10PM, James A. Donald wrote:
>> So I think that pretty much everyone has already heard that MS PPTP is
>> insecure. Every time I set up a VPN, I am re-reminded, just in case.
>
> "Don't use cryptographic overkill. Even bad crypto is usually the strong part of
> the system." Adi Shamir, 1995.
> (http://www.ieee-security.org/Cipher/ConfReports/conf-rep-Crypto95.html)

All hail the great A5/1 and lesser spawn.

Seriously though, we suffer tremendously in this industry from overkill.
Studying the biases in the field would make a great cross-over PhD in
psych-CS-crypto-business. Is there anyone amongst us who hasn't
chortled with glibbity and glee when some despised crypto system falls
to a pernickety academic attack?

In order to replace the myth that crypto must be perfect, maybe we need
a countervailing myth? Something like (whiteboarding here):

    A finely balanced choice is as much an opportunity
    to measure one's attacker [0], as a way to preserve and
    reward a future generation of architects.

Call it the easter egg theory of crypto-plumbing? Gotta lay down some
chocolate to keep new bunnies hopping...

iang

[0] Dan Geer's delta argument.
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography