Re: what should "k-bit security" mean?

From: John E. Hadstate (nospam_at_null.nil)
Date: 08/30/03


Date: Sat, 30 Aug 2003 12:32:22 -0400


"Douglas A. Gwyn" <DAGwyn@null.net> wrote in message
news:3F4FBCB5.59CF07E9@null.net...
> "John E. Hadstate" wrote:
> > Based on my recent and ongoing experiences, the NSA and DoD disagree with
> > you. They do, in fact, evaluate and certify cryptosystems and other
> > security devices based on the application in which they will be used.
> > Taking a device that has been approved and certified for a specific
> > application and using it somewhere else does not mean that it's certified
> > for the second application.
>
> That usually has more to do with the threat environment and the
> way in which a facility is embedded into a larger operational
> system than with characteristics of the source (plaintext).
>

Yes, but details of the application have subtle ways of leaking information
about plaintext characteristics. Consider an application that is known to
be used to protect 5-level Baudot-encoded data. First of all, what's the
probability that a message transmitted in this medium is going to be
anything but plain-language text (plain-language as extended to include
military terms and acronyms)? Some messages might contain tables of
numbers, but you are probably not going to transmit a GIF or JPEG in that
medium.

When one specifies that one wants "k-bit security", one is implying some
things about one's threat model. I suspect, however, that most developers
never penetrate to that level. They specify for "worst-case plus 10%" and
let the chips fall where they may. That's why we have proposals to layer
AES on top of Blowfish.

> My particular complaint had more to do with the notion that a
> single scalar is sufficient to characterize the security
> properties of a given method, and with the infeasibility of
> computing or even reliably estimating that scalar for most real
> systems.

I agree. The search for this Holy Grail is not only naive, it's
counterproductive.

Security is multidimensional, and is defined in the context of the
application and the threat model. Every system has perfect security until
the first time it's broken. Even then, it only has no security to the
people who know the combination of secrets that unlock it.


