On Fri, 25 Jan 2008 15:50:47 +0100, Hadron wrote:
> Mark Kent <mark.kent@xxxxxxxxxxx> writes:
>
>> Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx> espoused:
>>> ____/ Mark Kent on Thursday 24 January 2008 17:38 : \____
>>>
>>>> Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx> espoused:
>>>>> New $2B Dutch Transport Card is Insecure
>>>>>
>>>>> ,----[ Quote ]
>>>>>| Kerckhoffs's Principle, one of the bedrock maxims of cryptography, says
>>>>>| that security should never rely on keeping an algorithm secret. It's okay
>>>>>| to have a secret key, if the key is randomly chosen and can be changed when
>>>>>| needed, but you should never bank on an algorithm remaining secret.
>>>>>|
>>>>>| Unfortunately the designers of Mifare Classic did not follow this
>>>>>| principle. Instead, they chose to combine a secret algorithm with a
>>>>>| relatively short 48-bit key. This is a problem because once you know the
>>>>>| algorithm it's possible for an attacker to search the entire 48-bit key
>>>>>| space, and therefore to forge cards, in a matter of days or weeks.
>>>>>|
>>>>>| [...]
>>>>>|
>>>>>| Now the Dutch authorities have a mess on their hands. About $2 billion have
>>>>>| been invested in this project, but serious fraud seems likely if it is
>>>>>| deployed as designed. This kind of disaster would have been more likely had
>>>>>| the design process been more open. Secrecy was not only an engineering
>>>>>| mistake (violating Kerckhoffs's Principle) but also a policy mistake, as it
>>>>>| allowed the project to get so far along before independent analysts had a
>>>>>| chance to critique it. A more open process, like the one the U.S.
>>>>>| government used in choosing the Advanced Encryption Standard (AES) would
>>>>>| have been safer. Governments seem to have a hard time understanding that
>>>>>| openness can make you more secure.
>>>>> `----
>>>>>
>>>>> http://www.freedom-to-tinker.com/?p=1250
>>>>>
>>>>
>>>> It's taken me a *very* long time to understand what goes wrong in the
>>>> thinking of non-technical people in this security space, but I've cracked
>>>> it, at least in my own mind, anyway. The problem is that few people
>>>> comprehend the difference between "secure" and "secret" at least when
>>>> it comes to technology.
>>>>
>>>> * Most people can understand that a bank is safe because it is secure, not
>>>> because it's a secret.
>>>>
>>>> * Most people can understand that a secret, once "out", is, well, no
>>>> longer secret.
>>>>
>>>> * Security, for the bank, is addressed through buildings, equipment, and
>>>> processes.
>>>>
>>>> * Secrecy, on the other hand, only has one possible route. As the "wise
>>>> woman" in Black Adder said, the only way you could keep something secret
>>>> from the world is to kill everyone in the world.
>>>>
>>>> * Security, however, assumes that everyone already knows what and where
>>>> the target is.
>>>>
>>>> Most people would see the above remarks as being pretty-much self-evident,
>>>> or common-sense, or some other version of "but I already knew that".
>>>> However, when you apply the same thinking to the example above, they
>>>> fall apart, because whilst they can understand, broadly, how a lock or a
>>>> safe works, even how bars on windows and burglar alarms work, they
>>>> *cannot* grasp that a weak algorithm is like a poor lock.
>>>>
>>>> Keeping the key pattern a "secret" is no protection if the lock is poor,
>>>> again, most people will understand that, but what they lack is the
>>>> comparison between algorithm=lock and key=key.
>>>>
>>>> Naturally, if you give away your key, you will negate the effect of the
>>>> algorithm, unless, as in any lock, you *change* the key.
>>>>
>>>> Hmm, I think I might write a beginner's paper on this.
>>>
>>> Do another article for linux.com. They'll accept it, I'm sure.
>>>
>>
>> A good suggestion, I think I will. This is a fantastic simplification
>> of the problem, I think.
>
> You would think that. In my opinion it is a fantastic complication of a
> problem you yourself seem to have fabricated. You're an egotistical wind
> bag and I suspect any article by you would send a viagra to sleep.
Yeah, Mark Kent will turn a simple concept into a long-winded bore of an
article.
By the time he is finished, the entire audience will be snoring.