James A. Donald wrote:
Committees of experts regularly get cryptography wrong - consider, for
example the Wifi debacle. Each wifi release contains classic and
infamous errors - for example WPA-Personal is subject to offline
dictionary attack.
One would have thought that after the first disaster they would have
hired someone who could do it right, but as Ian long ago pointed out,
in "the market for silver bullets", they are unable to tell who can do
it right. The only people who know who the real experts are, are the
real experts. If you knew who to hire, you could do it yourself, and
probably should do it yourself. So they hire expert salesmen, not
cryptography experts.
the other scenario was that the cryptography part was done from such a
myopic standpoint ... that they failed to consider the end-to-end
infrastructure.
I've repeatedly heard excuses that the cryptographers in the wifi
debacle believed that they could only design a solution based on
significant hardware restrictions/constraints. part of what i observed
... by the time any of them shipped ... the hardware
restrictions/constraints no longer existed . the other thing that i
observed was that with relatively trivial knowledge about chips ... it
was possible to come up with an integrated solution that incorporated
both the necessary hardware and the necessary cryptography ... there
has got to be some analogy here someplace about the blind trying to
describe an elephant; in addition to the "point solution" analogy,
failing to take in the overall infrastructure.
i've repeatedly claimed that we did that in the AADS chip strawman solution
http://www.garlic.com/~lynn/x959.html#aads
that including addressing all the issues that showed up in scenarios
like with the "yes cards"
http://www.garlic.com/~lynn/subintegrity.html#yescards
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
