[Dshield] Crypto Question

Stephen John Smoogen smooge at gmail.com
Tue Mar 10 02:06:23 GMT 2009


On Sun, Mar 8, 2009 at 12:18 PM, John Hardin <jhardin at impsec.org> wrote:
> On Fri, 6 Mar 2009, Valdis.Kletnieks at vt.edu wrote:
>
>> On Thu, 05 Mar 2009 17:11:33 PST, John Hardin said:
>>
>>> You can say that the data is suspect and should not be trusted. Which
>>> you cannot do when you only have one hash using the broken algorithm.
>>
>> Exactly - that's the whole point - since the hash using the broken
>> algorithm *CANT TELL YOU* that it's suspect, why are you bothering to
>> check it?
>
> Because *at the time the hash was generated* the weakness was not known,
> or was only theoretical.
>
> I believe I understand the failure to communicate here. You are saying
> "why _keep using_ a known weak algorithm?" I agree with you, and I am not
> arguing that should be done (though I recognize in practice it _will_ be
> done, and that should be planned for by the designer).
>
> I am saying "Why rely solely on one algorithm for security when it likely
> has unknown weaknesses? Why not design your protocol or file format to not
> silently fail when a weakness is discovered in that algorithm?"

What you are postulating might be close to this.

You have to meet someone in 20 years at X time. What is the best way
to meet them exactly at that time.

A) Purchase 20 watches that are made by different manufacturers and
guarenteed for 1 second in 200 years or so. As watch manufacturers are
found to be unreliable you discontinue to look at those watches. In
the case that all the watches turn out to be unreliable there might be
a way to average them in a way to get an accurate time.

B) What I think Valdis is saying is. Buy one watch. When someone else
tests that the watch is not reliable.. get a new watch, sync them up,
and get rid of the old watch.

In the end, the issue is that Valdis's approach is probably cheaper in
his world, but might not in the world of people who are asked to
assure infinite reliability with infinitesimal risk (bureaucrats
answering to voters/elected representatives/etc). In that world, it
may be more expensive to keep buying watches, testing the new watches,
getting assurances, than buying 10-20 watches at first and hoping (via
some financial risk algorithm that is based on how many angels dance
on a pin) that the problems will stay away long enough for them to
retire.

The key is to figure out which world you are in, and deal with it
accordingly. I would hope that finding a risk algorithm that matches
what Valdis is suggesting is 'approved' someday soon.




-- 
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"


More information about the Dshield mailing list