On Mar 28, 2013, at 10:27 PM, Jeffrey Goldberg <[email protected]> wrote:

> There are a couple interesting lessons from LocationGate.

[...]

> The second lesson has to do with the status of iOS protection classes
> that can leave things unencrypted even when the phone is locked. There are
> things that we want our phones to do before they are unlocked with a
> passcode.

[...]

>
> The trick is how to communicate this to the people...

[...]

Very well put in all of those.

> What's the line? Never attribute to malice what can be explained by
> incompetence.

That is the line. And also that stupidity is the second most common element in the universe, after hydrogen. (And variants on that.)

>
> At the same time we are in the business of designing systems that will protect
> people and their data under the assumption that the world is full of hostile
> agents. As I like to put it, I lock my car not because I think everyone is a
> crook, but because I know that car thieves do exist.

And in many cases a cheap lock will work because it deters and deflects, not because it actually prevents. This doesn't apply so much with information security, but I think it does in places.

For example, I think that the most important thing about a password is that it not be a dictionary word. If it is one, length doesn't matter. If it isn't, length only matters a little, because most attackers just want someone's password, not yours. If they do want yours, either spearphishing or malware like Zeus is a better bang for the buck. They won't actually bother cracking it, they'll go around it.

Jon
