Re: [Cfrg] how can CFRG improve cryptography in the Internet?
Watson Ladd <watsonbladd@gmail.com> Tue, 11 February 2014 05:47 UTC
From: Watson Ladd <watsonbladd@gmail.com>
To: dan@geer.org
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Date: Mon, 10 Feb 2014 21:47:53 -0800
Message-ID: <CACsn0cm8LVwf6c0AO-U3rsxo0cAY=DWJB=4SqxWct6NGD=AQHA@mail.gmail.com>
In-Reply-To: <20140211050902.5D2022280AE@palinka.tinho.net>
References: <52F8ED2D.4060502@comodo.com> <20140211050902.5D2022280AE@palinka.tinho.net>
Subject: Re: [Cfrg] how can CFRG improve cryptography in the Internet?
On Mon, Feb 10, 2014 at 9:09 PM, <dan@geer.org> wrote:
>
> > No-longer-deemed-secure algorithms aren't the only security problems
> > facing out-of-date cryptographic software. So why not go one step
> > further and make the cryptographic software itself expire?
>
> Might I extend this to crypto-in-hardware-in-embedded-systems?
>
> In other words, absolutely all embedded systems must either have a
> remote upgrade capability or a not-to-exceed pre-defined lifetime.

There is an assumption being made here: that algorithms will age badly.
This assumption is largely unwarranted. First off, software does not
decay. It does not develop security problems spontaneously. Protocols
with reductions remain secure so long as the fundamental problems they
reduce to remain hard.

The reason why a piece of hardware made in 1996 would, 17 years later,
no longer be secure, if properly designed in the first place, would
likely be the hash function. IDEA remains secure, even with the small
block causing fun at 4 GB. Blowfish is unlikely to have been done in
hardware. Triple DES would be fine today, but single DES would have been
on the way out due to the small 2^56 key size.

Public key would likely be RSA. The big advances in algorithms were all
known at that point, so one just has to play the Moore's law game. For
ECC the security situation looks the same, and for Diffie-Hellman over
prime fields, I don't recall.

The hash function would have died: it would have been MD5. With any
luck they would have used signature schemes that avoid falling to
simple collisions, but that's unlikely for RSA.

The big problem is that the standards were and are so terrible. SSL v3
made 3 mistakes: predictable IVs, a complex state machine, and exposing
a CBC padding oracle. PKCS 1.5 had lots wrong with it. For this
hardware to be useful, it wouldn't have made it to 2013 without massive
problems beyond the weak hash.
Sincerely,
Watson Ladd

--
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither Liberty nor Safety."
-- Benjamin Franklin
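The message above mentions the "fun" a 64-bit block cipher such as IDEA causes once a few gigabytes have been encrypted under one key. The following Python is an added illustration, not code from the message or from any of the projects discussed: it gives the birthday-bound estimate of when ciphertext blocks start to repeat for a given block size, and then shows, with a toy 16-bit keyed permutation (constructed here so that collisions appear within a few thousand blocks), what a repeated ciphertext block leaks in CBC mode, namely the XOR of two plaintext blocks. The function names, the toy key 0xC0FFEE and the sample plaintext are all assumptions of this example.

```python
import math
import random

# Toy block cipher: a keyed pseudo-random permutation on BLOCK_BITS-bit blocks.
# A shuffled lookup table stands in for a real cipher purely so that the
# birthday bound is reached within a few thousand blocks instead of ~2^32.
BLOCK_BITS = 16


def make_cipher(key: int):
    """Return (encrypt, decrypt) closures for a permutation seeded by key (example only)."""
    rng = random.Random(key)
    table = list(range(1 << BLOCK_BITS))
    rng.shuffle(table)
    inverse = [0] * len(table)
    for plain, cipher in enumerate(table):
        inverse[cipher] = plain
    return table.__getitem__, inverse.__getitem__


def cbc_encrypt(encrypt, iv: int, plaintext_blocks):
    """Textbook CBC: C_i = E(P_i XOR C_{i-1}), with C_0 = iv."""
    out = []
    prev = iv
    for p in plaintext_blocks:
        c = encrypt(p ^ prev)
        out.append(c)
        prev = c
    return out


def collision_probability(block_bits: int, n_blocks: int) -> float:
    """Birthday-bound estimate of P[some two of n ciphertext blocks are equal]."""
    return 1.0 - math.exp(-(n_blocks ** 2) / 2 ** (block_bits + 1))


def blocks_for_probability(block_bits: int, p: float) -> float:
    """Inverse of collision_probability: blocks needed to reach probability p."""
    return math.sqrt(-(2 ** (block_bits + 1)) * math.log(1.0 - p))


def find_cbc_leak(seed: int = 1, n_blocks: int = 2000):
    """Encrypt constructed random plaintext under the toy cipher in CBC mode and
    look for the first repeated ciphertext block. Because E is a permutation,
    C_i == C_j implies P_i ^ C_{i-1} == P_j ^ C_{j-1}, so an observer who sees
    only ciphertext learns P_i ^ P_j = C_{i-1} ^ C_{j-1}. Returns the block
    indices and whether that relation holds, or None if no collision occurred."""
    rng = random.Random(seed)                      # constructed sample input
    encrypt, _ = make_cipher(key=0xC0FFEE)         # toy key, assumption
    iv = rng.getrandbits(BLOCK_BITS)
    plaintext = [rng.getrandbits(BLOCK_BITS) for _ in range(n_blocks)]
    ciphertext = cbc_encrypt(encrypt, iv, plaintext)
    chain = [iv] + ciphertext                      # chain[i] is C_{i-1} for block i
    seen = {}
    for i, c in enumerate(ciphertext):
        if c in seen:
            j = seen[c]
            leaked_xor = chain[i] ^ chain[j]       # computable from ciphertext alone
            return {
                "first": j,
                "second": i,
                "leak_matches": leaked_xor == (plaintext[i] ^ plaintext[j]),
            }
        seen[c] = i
    return None


if __name__ == "__main__":
    # Where the birthday bound bites for a real 64-bit block: 2^32 blocks of
    # 8 bytes is 32 GiB at ~39% collision probability; 50% needs ~5.06e9 blocks.
    print("P[collision] after 2^32 64-bit blocks:", collision_probability(64, 2 ** 32))
    print("blocks for 50% with 64-bit blocks:", blocks_for_probability(64, 0.5))
    print("toy CBC leak:", find_cbc_leak())
```

The defensive conclusion is the one practitioners draw from these numbers: a 64-bit block cipher needs a per-key data limit well below the birthday bound (or a rekey), a point a device fixed in hardware in 1996 could not have been retrofitted with.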