On Saturday, 24 December 2016 05:21:34 UTC+1, Peter Gutmann wrote:
> Eric Rescorla writes:
> 
> >I don't think this really accurately reflects the consensus of the security
> >community
> 
> Or of any community AFAIK.  Perhaps there could be a special version of
> Firefox that uses one-time pads for everything, and on startup uses a
> cryptographically secure geolocation service to direct you to your nearest
> supermarket for a roll of tinfoil, along with folding instructions for the
> hat.
> 
> For the OP, Google "Shamir's Law".  99.99% of web users could be using single
> DES and it'd still be somewhere around the bottom of page 50 of the list of
> ways in which they're going to get 0wned.
> 
> Peter.

Although this is correct, it shouldn't keep administrators / companies from 
desperately trying to offer the most secure encryption, especially if they are 
located in countries where they are obligated by law to use the best known 
methods and otherwise are in permanent danger of getting sued. Please note that my 
actual reason for posting was that I am trying to build a secure web site, and 
thus, I am feeling the strongest personal obligation (besides the obligation by 
law) to make it as secure as possible.

Furthermore, it is eventually not wise to laugh at all people who believe that 
governments have the will and the means to poison cryptographic methods and to 
consider all of them weird conspiracy theorists who ignore maths. There are 
enough mathematicians who consider this a real danger.

It is my private, political (and thus off-topic) opinion that cryptography 
should be as secure as possible, so if I have a choice (which is luckily the 
case here), I am avoiding anything which is suspected to be weakened, even if 
there is no clear proof yet.

If you are sure, absolutely sure and ready to guarantee with your life for it, 
that organizations which are backed by hundreds of billions of dollars per year 
and which have the main aim to break cryptographic methods have not found any 
means to intentionally weaken the NIST curves given the complexity of their 
implementation, i.e. that your knowledge is higher than or at least equal to 
the sum of the knowledge of all the scientists and mathematicians who work for 
these organizations and who dedicate their whole life, every minute, every day 
to misleading, weakening and breaking cryptography, then (and only then) you 
may laugh at me and all the others who are concerned. In that case, we probably 
deserve a big roll of tin foil.

Otherwise, you eventually should respect that there are a lot of people who are 
not overly stupid or paranoid and who are concerned about the issue. For sure, 
there is a reason for the fact that nearly all websites which come up when you 
do a search for cryptographic curves strongly discourage the usage of the NIST 
curves. Are they all paranoid idiots ignoring mathematics? Or is it just a 
temporary fashion to warn about NIST curves?

And by the way, the law you mentioned is exactly one of the things which can't 
serve as an argument here. Statistics say that one day I will probably die 
because of a heart problem (I'm located in Germany) and almost surely not in a 
car crash which happens because of a defective car. But this is absolutely no 
reason to stop the yearly inspections of my car, even less if I regularly take 
other persons with me. YMMV ...

Regards and thank you very much for your comments (indeed, didn't know about 
Shamir's Law yet),

Binarus
_______________________________________________
dev-security-policy mailing list
https://lists.mozilla.org/listinfo/dev-security-policy
