On 4/10/2014 17:57 pm, Jeremy Stanley wrote:
> On 2014-10-05 10:38:38 +1000 (+1000), James A. Donald wrote:
>> On 2014-10-05 10:34, James A. Donald wrote:
>>> On 2014-10-05 07:49, Jeremy Stanley wrote:
>>>> This is pretty off-topic as it has nothing whatsoever to do with
>>>> cryptography.
>>
>>> It has everything to do with cryptography.
>>>
>>> The greatest failing of cryptographers has always been to produce a
>>> fortress with a mighty impenetrable door in a two foot paling fence.
>>
>> And anyone who draws attention to the fact that the fence is only
>> two feet tall is told that the fence is out of scope.
>
> And if random security vulnerabilities are on-topic for discussion
> here, we might as well just be reading bugtraq/fulldisc/.../4chan
> instead.

Although I don't particularly like it, I have to agree with Donald. The value of cryptography is limited by the applicability of its benefit to the real world. We can probably agree that there is a valid science in theoretical cryptography for elegance's sake and pedagogical purposes. But almost all traffic on this list is in the domain of the practical, the useful.

Digression. The 1024 in 20m attack (other thread) reminds me of an attack on a money system circa 2000, told to me by Dani Nagy. The attacker announced that he had found a breach in the money system, in which he could double his money. He offered that anyone could send him X, he would send back double X to prove his breach. Which he did. For quite some time and several events. The company investigated, and said it could find no bug. Eventually, it was agreed that there was no breach, the attacker was simply paying out the double claim, from his pocket. The attack was not on the system, but on the reputation of the system. It did tremendous damage, as many people decided to mistrust the system, and growth was stalled for a while.

Balance is a perfectly important property of a system. There really is little point in building a safe door into a paling fence, yet cryptographers and security people typically fall to the 'out of scope' bug far more often than we'd like, thus rendering their system as out of balance as the fortress with the paling fence. Understanding the weakness of the core & average platforms has always been in scope for deciding balance.

iang