I understand the goal of allowing secure and anonymous financial
transactions via the Net. I'm personally very interetested in this,
although I must admit I am also a bit concerned about the social
implications if this becomes a reality (or when it does, since I believe
it eventually will). What
At 12:23 PM -0700 3/24/02, [EMAIL PROTECTED] wrote:
or just security proportional to risk ...
While a valid engineering truism, I have a number of issues with that dictum:
1. It is too often used as an excuse for inaction by people who are
poorly equipped to judge either risk or cost. We've
On Fri, 22 Mar 2002, Arnold G. Reinhold wrote:
I'm not sure what changes in your argument if you delete the word
physical.
I don't think you understand what that means. I was responsible for a
multi-campus (at the time the largest private system ever built) computer
controlled real-time
On Sun, 24 Mar 2002 [EMAIL PROTECTED] wrote:
or just security proportional to risk ... random refs:
There's a short coming with that view.
In order to apply realistic metrics to what that risk is (eg 1 in 100
years) one must have systems being broken in order to vet it. It's one
thing to
As someone who spent 5 years doing all the physical security for a major
university I can say that ALL physical systems can be broken. No
exception. The three laws of thermodynamics apply to security systems as
well.
There is ALWAYS a hole.
On Thu, 21 Mar 2002, Arnold G. Reinhold wrote:
There are groups with lots of money and dedicated, trained agents who
are willing to die that would dearly like to steal a nuclear weapon.
So far, they have not succeeded (if they do, I fear we will know
about it quickly). So someone has been able to do physical security
right.
The problem
The problem is doing it in a way that is affordable and doesn't
require an army.
[snip]
I'm not sure what changes in your argument if you delete the word
physical. Perhaps we should all just give up with this security
nonsense.
:)
Agreed. It's not about perfect security, it's about
At 01:04 PM 3/21/02 -0500, Nelson Minar wrote:
Question. Is it possible to have code that contains a private encryption
key safely?
As a practical matter, yes and no. Practically no, because any way you
hide the encryption key could be reverse engineered. Practically yes,
because if you work at
Question. Is it possible to have code that contains a private encryption
key safely?
As a practical matter, yes and no. Practically no, because any way you
hide the encryption key could be reverse engineered. Practically yes,
because if you work at it you can make the key hard enough to reverse
At 8:52 PM -0800 3/20/02, Mike Brodhead wrote:
The usual good solution is to make a human type in a secret.
Of course, the downside is that the appropriate human must be present
for the system to come up properly.
It's not clear to me what having the human present accomplishes.
While the
At 08:52 PM 3/20/2002 -0800, Mike Brodhead wrote:
The usual good solution is to make a human type in a secret.
Of course, the downside is that the appropriate human must be present
for the system to come up properly.
Yes, of course, that is why I wrote:
The usual bad solution is to store it
Many thanks on all the pointers and interest.
Although I was planning on sneaking around making more progress before
letting the cat out the bag, I guess it is time to expose it for some open
criticism.
This is just a plan so far, no code yet. Although until the ability to
safely split
At 01:45 PM 3/21/2002 +1100, McMeikan, Andrew wrote:
Question. Is it possible to have code that contains a private encryption
key safely? Every way I look at it the answer seems no, yet some degree of
safety might be possible by splitting an encrypting routine across several
nodes. Can someone
The usual good solution is to make a human type in a secret.
Of course, the downside is that the appropriate human must be present
for the system to come up properly.
In some situations, the system must be able to boot into a working
state. That way, even if somebody accidentally trips the
On Thu, 21 Mar 2002, McMeikan, Andrew wrote:
A question and a probe.
Question. Is it possible to have code that contains a private encryption
key safely? Every way I look at it the answer seems no, yet some degree of
safety might be possible by splitting an encrypting routine across
15 matches
Mail list logo