Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx> espoused:
> ____/ Mark Kent on Thursday 24 January 2008 17:38 : \____
>
>> Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx> espoused:
>>> New $2B Dutch Transport Card is Insecure
>>>
>>> ,----[ Quote ]
>>>| Kerckhoffs?s Principle, one of the bedrock maxims of cryptography, says
>>>| that security should never rely on keeping an algorithm secret. It?s okay
>>>| to have a secret key, if the key is randomly chosen and can be changed when
>>>| needed, but you should never bank on an algorithm remaining secret.
>>>|
>>>| Unfortunately the designers of Mifare Classic did not follow this
>>>| principle. Instead, they chose to combine a secret algorithm with a
>>>| relatively short 48-bit key. This is a problem because once you know the
>>>| algorithm it?s possible for an attacker to search the entire 48-bit key
>>>| space, and therefore to forge cards, in a matter or days or weeks.
>>>|
>>>| [...]
>>>|
>>>| Now the Dutch authorities have a mess on their hands. About $2 billion have
>>>| been invested in this project, but serious fraud seems likely if it is
>>>| deployed as designed. This kind of disaster would have been more likely had
>>>| the design process been more open. Secrecy was not only an engineering
>>>| mistake (violating Kerckhoffs?s Principle) but also a policy mistake, as it
>>>| allowed the project to get so far along before independent analysts had a
>>>| chance to critique it. A more open process, like the one the U.S.
>>>| government used in choosing the Advanced Encryption Standard (AES) would
>>>| have been safer. Governments seem to have a hard time understanding that
>>>| openness can make you more secure.
>>> `----
>>>
>>> http://www.freedom-to-tinker.com/?p=1250
>>>
>>
>> It's taken me a *very* long time to understand what goes wrong in the
>> thinking of non-technical people in this security space, but I've cracked
>> it, at least in my own mind, anyway. The problem is that few people
>> comprehend the difference between "secure" and "secret" at least when
>> it comes to technology.
>>
>> * Most people can understand that a bank is safe because it is secure, not
>> because it's a secret.
>>
>> * Most people can understand that a secret, once "out", is, well, no
>> longer secret.
>>
>> * Security, for the bank, is addressed through buildings, equipment, and
>> processes.
>>
>> * Secrecy, on the other hand, only has one possible route. As the "wise
>> woman" in Black Adder said, the only way you could keep something secret
>> from the world is to kill everyone in the world.
>>
>> * Security, however, assumes that everyone already knows what and where
>> the target is.
>>
>> Most people would see the above remarks as being pretty-much self-evident,
>> or common-sense, or some other version of "but I already knew that".
>> However, when you apply the same thinking to the example above, they
>> fall apart, because whilst they can understand, broadly, how a lock or a
>> safe works, even how bars on windows and burglar alarms work, they
>> *cannot* grasp that a weak algorithm is like a poor lock.
>>
>> Keeping the key pattern a "secret" is no protection if the lock is poor,
>> again, most people will understand that, but what they lack is the
>> comparison between algorithm=lock and key=key.
>>
>> Naturally, if you give away your key, you will negate the effect of the
>> algorithm, unless, as in any lock, you *change* the key.
>>
>> Hmm, I think I might write a beginner's paper on this.
>
> Do another article for linux.com. They'll accept it, I'm sure.
>
A good suggestion, I think I will. This is a fantastic simplification
of the problem, I think.
--
| Mark Kent -- mark at ellandroad dot demon dot co dot uk |
| Cola faq: http://www.faqs.org/faqs/linux/advocacy/faq-and-primer/ |
| Cola trolls: http://colatrolls.blogspot.com/ |
| My (new) blog: http://www.thereisnomagic.org |
|
|
