[1739] in cryptography@c2.net mail archive
Re: Crypto in real life
daemon@ATHENA.MIT.EDU (James A. Donald)
Sat Oct 11 14:20:16 1997
Date: Fri, 10 Oct 1997 17:33:46 -0700 (PDT)
To: David HM Spector <spector@zeitgeist.com>,
Rick Smith <smith@securecomputing.com>
From: "James A. Donald" <jamesd@echeque.com>
Cc: John R Levine <johnl@iecc.com>, cryptography@c2.net
This is far too lengthy. Remember you are talking to people with
short attention spans, or who report to people with short attention
spans.
The correct answer is: "Crypto software needs peer review because
you cannot tell when it fails, unlike other software."
At 11:30 PM 10/9/97 -0400, David HM Spector wrote:
> here's, more or less, how I explain it to clients:
>
>
> Good, safe, well-tested cryptographic security software is like
> a flu vaccine. It must be extensively researched and tested
> to know in what kinds of situations (in the case of a vaccine,
> what strains of flu) it is appropriate to use and which it's
> not. The ability of software to interoperate correctly with other
> similar software is one of these tests. Imagine a flu vaccine
> that kills you if you've ever had a polio or tetanus shot.
>
> Just like vaccines and other medicines, high-quality
> cryptosystems go through a rigorous set of designs, reviews,
> trials and peer-reviews before it should be trusted with your
> data (or in the case of a vaccine, your life!).
>
> A security system is not something you buy off the back of a truck,
> nor is it something that non-experts (such as faith healers or
> trade-magazine writers [or congressmen]) are likely to be
> expert at, so taking security advice from these so-called
> experts is a lot like going to a "psychic-surgeon"... you will
> probably not get what you expect, and most certainly will not
> get better if you are ill.
>
> Finally, like medicines, cryptosystems need to be re-evaluated on a
> regular basis to ensure that they are still effective, and
> are still safe to use. Since technology (and the flu) is
> always on the move, it's a good idea to keep one's technology
> (and one's flu shots) up to date.
---------------------------------------------------------------------
                                       |
We have the right to defend ourselves  |   http://www.jim.com/jamesd/
and our property, because of the kind  |
of animals that we are.  True law      |   James A. Donald
derives from this right, not from the  |
arbitrary power of the state.          |   jamesd@echeque.com