Interesting People mailing list archives
IP: more on Security Czar Points Finger of Blame (should be at Governments)
From: Dave Farber <dave () farber net>
Date: Sat, 03 Aug 2002 11:24:32 -0400
Herb's comments are well taken. But I will still hold that we would be much better prepared if the governments (and note not just the USA) took a more long view on security in the 90s. Many of us testified as to the dangers and many were roundly ignored. Dave ------ Forwarded Message From: "Herb Lin" <HLin () nas edu> Date: Sat, 3 Aug 2002 11:13:46 -0400 To: farber () cis upenn edu Subject: Re: IP: Security Czar Points Finger of Blame (should be at Governments) I think the invective being directed at Richard Clarke and the government here is misplaced, though I do understand the sentiments being expressed. The connection between the crypto that the government tried to restrict with its 40-bit encryption-key export limitations and today's state of system and network security seems quite tenuous. Consider: -- WiFi (802.11b) has a capability to support 128 bit encryption. Was 128 bit encryption a solution to the security problems of WiFi? -- Has any documented security flaw in existing software ever been traced to the cryptographic inadequacy of a 40 bit key (as opposed to larger keys)? I think any serious look at these questions has to result in a "no" to both of them - and if that analysis is right, then it is very hard to argue that attempts to restrict encryption key length has or had anything at all to do with the flaws we see today. Readers might also do well to consider that the state of world affairs and technolgy deployment is very different now than in the early 1980s and 1990s. Specifically, it's much clearer today that good encryption is relevant to a much wider range of applications and services than it was then. Rather than being the subject of criticism, Clarke should be praised for understanding the importance of security. None of this is intended to deny the point that there are elements within the law enforcement and national security communities that would much prefer no encryption at all. But the bottom line from my perspective is that the encryption strength is mostly (but not completely) orthogonal to the security problems that plague us today. Herb Lin Senior Scientist (and study director of the 1996 NRC report on cryptography) CSTB www.cstb.org ------ End of Forwarded Message For archives see: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- IP: more on Security Czar Points Finger of Blame (should be at Governments) Dave Farber (Aug 03)