[conspire] Cert debacle involving a billion certs
Rick Moen
rick at linuxmafia.com
Mon Mar 18 14:24:41 PDT 2019

Quoting Paul Zander (paulz at ieee.org):
> How many bits make something "secure"? 64 bits was deemed to be
> "enough" in 2016, but that was 3 years ago. When does the 64 bit
> requirement need to be increased?
>
> It's hard to get excited about 63 vs 64 bits except as an
> embarrassment to big companies that should have done better.

Vastly expanding the number of bits used for an encryption scheme, above
and beyond current best practices, and thinking one has automatically
improved things, is usually a bonehead error: The person making that
error soon realises his/her mistake upon discovering that everything
using the cipher now has unacceptably slow performance and very
excessive computational overhead. _Or_, equally bad, other people's
associated software breaks on handling the data.

The term 'secure', IMO, really doesn't mean a damned thing, as generally
used.

Moen's Fourth Law of Security
The way most people use the word, "secure" has exactly the same
semantic value as "minty fresh" (i.e., none at all).

The concept of something being "secure" or not is nonsensical:
Realistically, security is a heuristic estimate of probable exposure to
particular risks within a particular threat model. (Secure against what?
With what configuration? Under what operating conditions and with what
usage modes?) Therefore, you cannot speak meaningfully about security
without a proper understanding of the software/hardware and situations,
and the underlying threat model.

Even then, the concept is probabilistic, and relative. People who talk
about something being "secure" or not as an absolute property are
selling something, are seeking implied permission to turn their brains
off, or both.

(The word is sometimes used as a synonym for "encrypted", e.g., in
"secure HTTP": That is a bad habit, as the usage hides assumptions about
integrity of the endpoints, crypto implementation, and authentication
that may be unjustified.)

http://linuxmafia.com/~rick/lexicon.html#moenslaw-security4

When I say 'security is a heuristic estimate of probable exposure to
particular risks within a particular threat model', I mean: Do you mean
probably kept secret for the next ten years? Twenty? Fifty? Against
extremely motivated state spook agencies willing to devote 10% of their
agency budgets to the problem, or against academic researchers with $50k
to spare and the use of a compute cluster of 200 PS/3 PlayStations
running Linux (https://www.theregister.co.uk/2008/12/30/ssl_spoofing/)?
The objective and the threat models deemed of concern make a difference.