David Honig wrote:

> At 12:12 AM 8/27/04 -0700, Ed Gerck wrote:
>> David Honig wrote:
>>> "Applications can't be any more secure than their
>>> operating system." -Bram Cohen
>>
>> That sounds cute but I believe it is incorrect. Example:
>> error-correcting codes. The theory of error-correcting codes allows
>> information to be coded so that it can be recovered even after
>> significant corruption.
>
> Yes. But what makes you think the implementation you are
> using is not subverted?

If I have N independent platforms, the probability is smaller.

> What makes you trust your md5 (or whatever) calculator,
> which is how/why you trust your downloaded code?

Ah, the word "trust". What makes you trust something cannot be that something by itself. It needs to be provided in multiple, independently as possible, channels. What may make me trust an MD5 fingerprint is the fact that the code works according to some test vectors I define.

> And, summarizing a Turing award lecture, what makes you
> trust your compiler, much less "ps" or other OS monitors?

That lecture needs to be understood after the word "trust" is defined -- which, btw, the lecture never did.

>> What this means is that the search for the "perfect" operating
>> system as the solution to security is backwards.
>
> What it means is that the weakest link will break first.

This is true but only if the weakest link is isolated. If you have a strand with three threads, the weakest thread will break first but the other two threads will still hold. Increase the number of threads to N >> 1 and the weakest thread is not really relevant any more. Of course, the system will still fail under an excess stress, but not because one thread (read, OS) failed.

> Humans, generally.

Yes, humans AND data are the weakest links.

> Also the infrastructure under your
> tools, i.e. OS. And the tools used to build your tools, i.e. compilers or interpreters.

But, according to the theory of error-correcting codes, the influence of the errors you mention can be reduced to a value as close to ZERO as you desire.

> It's not a "search for a perfect" anything; it's a recognition
> that trust in a system relies on trusting a great number of things; if any one is toast, the system is toast.

Not if designed well. A good security system is not like a balloon that pops with one shot.

> Ask Niko Scarfo... used great crypto, but a $10 keylogger
> got him.  He might have run the most secure MULTICs around,
> but the weakest link was his keyboard, and a black-bag job.

When the heart confutes the mind, that man's hand confutes itself.

Cheers,
Ed Gerck


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
