[1738] in cryptography@c2.net mail archive
Why crypto is harder than other high-reliability engineering
daemon@ATHENA.MIT.EDU (Zooko Journeyman)
Sat Oct 11 14:20:15 1997
Date: Sat, 11 Oct 1997 02:17:01 +0200 (MET DST)
From: Zooko Journeyman <zooko@xs4all.nl>
To: cryptography@c2.net, frantz@netcom.com, johnl@iecc.com,
penny@authentex.com
Hello Penny, Bill, JohnL & Perry's Crypto List.

An important difference between security software and general
"high-reliability" software is that in security you are
considering the possibility of malicious, intelligent humans
with unknown capabilities attempting to manipulate your system.
This is a much more stringent test than the normal "anything
that can go wrong will go wrong" approach to highly reliable
systems.

There are two implications of this: An active attack against
a system can be a lot "harder on the system" than even the
slings and arrows of outrageous fortune, and the methods of
attack may be complicated or "unlikely" enough to evade the
notice of those responsible for designing, implementing,
testing and safeguarding the system.

I've been told that successful attacks on supposedly secure
systems often involve complex or "unlikely" sequences of
events which were overlooked by engineers who successfully
designed for all kinds of "natural" conditions.

Regards,

Zooko, Journeyman Engineer