On Apr 8, 2012, at 7:49 04PM, James A. Donald wrote:

> On 2012-04-09 9:15 AM, Steven Bellovin wrote:
> > Yes, the algorithms and protocols can be very important,
> > especially if you have serious enemies. They're also more
> > fun for many folks (myself included) than the really hard
> > engineering and development work to make the thing usable.
> > They're orders of magnitude more fun than the arguments in
> > standards bodies to agree on what is really necessary as an
> > option, as opposed to something that most people don't want
> > but some vendor insists has to be there for 2.71828% of
> > their customer base.
> 
> Seems to me that most crypto failure is usability failure.
> The only massive protocol and algorithm failure is wifi.

Yup.  Even there, the problem that got most of the attention
-- the fact that RC4 (as used in WEP) can be cryptanalyzed --
wasn't knowable at the time.  The avoidable errors -- the
misuse of a stream cipher, and the lack of a standardized
key management layer -- were not enough to prompt a change
in the standard.
> 
> Also, anything that comes out of a committee, particularly a
> large committee containing conflicting agendas, evil people,
> stupid people, and crazy people, is apt to be a massive
> usability fail, and the only reason why it is usually not
> also a massive algorithm and protocol fail is that the
> stupid, the crazy, and the evil have difficulty following the
> protocol and algorithm discussion.

I'd put most of it down to conflicting agendas -- even people
you regard as "evil" don't see themselves that way; they
simply have a different definition -- agenda -- for "good".
Craziness doesn't generally survive, nor stupidity.  Granted,
some folks with different agendas may (or may not) understand
certain details, but if they don't it's because that isn't
important to their employers' agendas.

One more thing: algorithm and protocol failures are often a
matter of fact, not opinion, and most people are reluctant
to argue for something that everyone else can see is factually
incorrect.  I recall one incident when I was Security Area Director
in the IETF when I blocked some SIP documents because of a
cut-and-paste attack.  I had a very hostile meeting with a fair
number of the proponents of those documents -- until I pulled
out my laptop and showed exactly how the attack worked.  End
of discussion, period.  One can disagree on the likelihood or
impact of a vulnerability, but generally not its existence,
until the audience is politicians.  (The disagreements, circa
the late 1970s, on the susceptibility of DES to an economically
feasible brute force attack come to mind.)  The trouble comes
when it gets to matters of taste and judgment, and what adding
17.3 new features to the protocol will do to the software's
correctness and comprehensibility.


                --Steve Bellovin, https://www.cs.columbia.edu/~smb
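As an added illustration of the stream-cipher misuse in WEP that Steve refers to (this is not part of the original thread): with a 24-bit per-packet IV, the keystream repeats after only a few thousand packets, and two ciphertexts produced under the same keystream XOR to the XOR of their plaintexts, so the relation between them leaks without the key. The keystream function here is a constructed stand-in for demonstration, not RC4.

```python
import hashlib
import math
import random

IV_BITS = 24  # WEP prepended a 24-bit per-packet IV to the shared key

def keystream(iv: bytes, key: bytes, n: int) -> bytes:
    """Constructed stand-in for a stream-cipher keystream (not RC4)."""
    # Any deterministic function of (iv, key) shares the property that
    # matters here: the same (iv, key) pair yields the same keystream.
    out = b""
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(iv + key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """Stream-cipher encryption: plaintext XOR keystream."""
    ks = keystream(iv, key, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keystream_reuse_leaks(iv: bytes, key: bytes, p1: bytes, p2: bytes) -> bool:
    """True when two packets share (iv, key): c1 XOR c2 == p1 XOR p2.
    The ciphertexts alone reveal the XOR of the plaintexts."""
    c1, c2 = encrypt(iv, key, p1), encrypt(iv, key, p2)
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)

def expected_packets_to_iv_repeat(iv_bits: int = IV_BITS) -> float:
    """Birthday bound: about sqrt(pi/2 * 2**iv_bits) random IVs before a repeat."""
    return math.sqrt(math.pi / 2 * 2 ** iv_bits)

def packets_until_iv_repeat(seed: int, iv_bits: int = IV_BITS) -> int:
    """Simulate random IV selection and count packets until the first repeat."""
    rng = random.Random(seed)
    seen = set()
    count = 0
    while True:
        iv = rng.getrandbits(iv_bits)
        count += 1
        if iv in seen:
            return count
        seen.add(iv)
```

A 24-bit IV space gives roughly 5,100 packets before the first expected repeat, which a busy network reaches in minutes; a larger per-packet nonce or a proper key-management layer removes the reuse rather than delaying it.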

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography