On Shifting “Windows” and “Security” from Less Antonymous to More Synonymous
(Page 3)
You have the bona fide attempts by developers without a lick of cryptographic sense, and then you have the mala fide attempts by likewise clueless consumivores who care more about the crisp Franklin than consistent fidelity. Both attempts, regardless of their intention, are security failures in the making. BitLocker's impact will be significant, and it makes exhaling quite a bit smoother and more relaxed to know that at least one competent cryptographer is on deck. Obviously, this doesn't mean that BitLocker is exempt from failing just as miserably as the aforementioned attempts by the incompetent; it does, however, increase the potential for pumping out some quality cryptography.
The PGPotter and His Kiln of Wisdom
Not too long ago, Phil Zimmermann – remember, it's N Duo, not N Solo – generously shared some rules of thumb with me that, should there ever be a published “Security Creed For Developers,” would grace the top of that magna carta. While these weren't intended to be specific to BitLocker, the design philosophies they promote can be applied to most any cryptographic instantiation. You might look at these and think, “Oh, now you're just being over-zealous. It's not that big of a deal.” Although there are some cases for which we wish it weren't, it remains a given that it is. Given that, I'd like to see a state of security where developers react to these proverbs with a Pavlovian demeanor; that is, they hear it and immediately respond with, “Thank you, Captain Obvious!”
“Chop-chop,” you say, “with the proverbs!” When designing a cryptographic infrastructure, you must be simple, correct, and secure. Although mistakes are inevitable, they should not be accepted as a natural occurrence and merely shrugged off with an apathetic “Oh well.” You must be a staunch advocate of nothing less than meticulous perfectionism. Phil asseverated, “Design as if making a mistake will cost someone's life.” Don't be too hasty to mumble, “Yeah, right. Like that really happens.” Quoting recently retired NSA cryptographer Brian Snow: “I want functions and assurances in a security device. We do not 'beta-test' on the customer; if my product fails, someone might die.” This is from his address, as a “Distinguished Practitioner,” at ACSAC 2005, while he was still active at the NSA. Mistakes can have more than a monetary cost, folks. Designing with this “...or else” attitude isn't exceeding the call of duty; it's the belt that holds the pants up. And to think: some still wonder why we're constantly caught with them down.