____/ Mark Kent on Thursday 24 January 2008 17:38 : \____
> Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx> espoused:
>> New $2B Dutch Transport Card is Insecure
>>
>> ,----[ Quote ]
>>| Kerckhoffs?s Principle, one of the bedrock maxims of cryptography, says
>>| that security should never rely on keeping an algorithm secret. It?s okay
>>| to have a secret key, if the key is randomly chosen and can be changed when
>>| needed, but you should never bank on an algorithm remaining secret.
>>|
>>| Unfortunately the designers of Mifare Classic did not follow this
>>| principle. Instead, they chose to combine a secret algorithm with a
>>| relatively short 48-bit key. This is a problem because once you know the
>>| algorithm it?s possible for an attacker to search the entire 48-bit key
>>| space, and therefore to forge cards, in a matter or days or weeks.
>>|
>>| [...]
>>|
>>| Now the Dutch authorities have a mess on their hands. About $2 billion have
>>| been invested in this project, but serious fraud seems likely if it is
>>| deployed as designed. This kind of disaster would have been more likely had
>>| the design process been more open. Secrecy was not only an engineering
>>| mistake (violating Kerckhoffs?s Principle) but also a policy mistake, as it
>>| allowed the project to get so far along before independent analysts had a
>>| chance to critique it. A more open process, like the one the U.S.
>>| government used in choosing the Advanced Encryption Standard (AES) would
>>| have been safer. Governments seem to have a hard time understanding that
>>| openness can make you more secure.
>> `----
>>
>> http://www.freedom-to-tinker.com/?p=1250
>>
>
> It's taken me a *very* long time to understand what goes wrong in the
> thinking of non-technical people in this security space, but I've cracked
> it, at least in my own mind, anyway. The problem is that few people
> comprehend the difference between "secure" and "secret" at least when
> it comes to technology.
>
> * Most people can understand that a bank is safe because it is secure, not
> because it's a secret.
>
> * Most people can understand that a secret, once "out", is, well, no
> longer secret.
>
> * Security, for the bank, is addressed through buildings, equipment, and
> processes.
>
> * Secrecy, on the other hand, only has one possible route. As the "wise
> woman" in Black Adder said, the only way you could keep something secret
> from the world is to kill everyone in the world.
>
> * Security, however, assumes that everyone already knows what and where
> the target is.
>
> Most people would see the above remarks as being pretty-much self-evident,
> or common-sense, or some other version of "but I already knew that".
> However, when you apply the same thinking to the example above, they
> fall apart, because whilst they can understand, broadly, how a lock or a
> safe works, even how bars on windows and burglar alarms work, they
> *cannot* grasp that a weak algorithm is like a poor lock.
>
> Keeping the key pattern a "secret" is no protection if the lock is poor,
> again, most people will understand that, but what they lack is the
> comparison between algorithm=lock and key=key.
>
> Naturally, if you give away your key, you will negate the effect of the
> algorithm, unless, as in any lock, you *change* the key.
>
> Hmm, I think I might write a beginner's paper on this.
Do another article for linux.com. They'll accept it, I'm sure.
--
~~ Best of wishes
"Linux is a very complete and sophisticated operating system. And there is a
lot of work being done to improve it in and of itself, particularly to make it
easier to use and easier for people to set up on their personal computers."
--Paul Maritz, senior vice-president, Microsoft
http://Schestowitz.com | RHAT Linux | PGP-Key: 0x74572E8E
18:20:01 up 4:14, 3 users, load average: 0.29, 0.59, 0.77
http://iuron.com - Open Source knowledge engine project
|
|
