Schneier on Security
A blog covering security and security technology.
« NSA's Warrantless Eavesdropping Targets Innocent Americans |
| How to Write Injection-Proof SQL »
October 15, 2008
Dr. Dobb's Interview
I was interviewed for Dr. Dobb's Journal.
Way back before the first edition of Applied Cryptography, Dr. Dobbs Journal published my first writings about cryptography.
Posted on October 15, 2008 at 3:37 PM
• 13 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Dr Dobbs still exists? Their international distribution is dead.
"the encryption algorithm is not particularly relevant to security"
I know it's easy to say one thing doesn't matter as much while there are so many other problems around, but the fact is the algorithm is still relevant.
What you are saying sounds like "the state of a vehicle is not relevant until people become better drivers". It is true that equipment is not a complete solution, yet we know that people are better drivers if their vehicle is in a good state.
Ah yes, the almost invariably irrelevant car analogy. The point is, it doesn't matter a damn what you encrypt your laptop hard disks with when your employees dump your database in plain text onto a memory stick and leave them lying around.
Security is an area where `experience' is so important. No matter what you learn
in school, unless you burn your fingers, it just won't sink in. And experience
is hard to come by! Hence, tools have serious limitations.
"yet we know that people are better drivers if their vehicle is in a good state."
no davi. i don't subscribe to this view, but i offer you thanks for a good yuk.
Can anyone point to a case where encryption of a spinning drive in a data center would have stopped any publicly announced security breach (that doesn't involve mobile media, or a purloined server)?
I can't think of one. Most breaches come from either physical theft of media or through network, server, or application weaknesses. Any breaches that come through a trusted/privileged channel will succeed because the attacker gets unencrypted data.
I think that is Bruce's point here. Encryption becomes moot because it isn't a factor where theft occurs (banks aren't usually robbed after hours so increasing the security of the safe has diminishing returns).
"we know that people are better drivers if their vehicle is in a good state"
I would lean more towards "drivers with vehicles in a bad state cannot be great drivers". This is because in most cases you don't need to be great, just good. And it is possible to be a good driver with a so-so vehicle. It may be a bit rusted, and the suspension may bounce, but as long as the brakes and running lights all work, you can be considered good if your actual driving skills are up to it.
Meanwhile, you can have a great vehicle and drive while trying to dial the cellphone. Oops.
@ Chris S
yes, you said it much better. thanks.
"The point is, it doesn't matter a damn what you encrypt your laptop hard disks with when your employees dump your database in plain text onto a memory stick and leave them lying around."
It does actually matter, since those employees who do follow procedure will actually benefit from the encryption.
I don't see why people think if one control fails, therefore all controls should be abandoned or ignored.
"Can anyone point to a case where encryption of a spinning drive in a data center would have stopped any publicly announced security breach (that doesn't involve mobile media, or a purloined server)? I can't think of one."
Actually, it is totally relevant to mobile media. There is no such thing as a fixed disk, even in data centers and spinning.
I've documented many such breaches on my blog and spoken on them at conferences too (just came back from the IEEE Key Management Summit). Consider the Utah case, Miami, Bank of America...
Bottom line is the largest breach numbers are typically from tapes that are not encrypted. Encryption would not only prevent the breach (by legal definition, not necessarily colloquial terms), but also save organizations the trouble of explaining why they thought encryption was unnecessary until after a breach happened.
The next problem will be when algorithms get more widespread use people will increasingly seek guidance on which standard to use. How will they find meaningful guidance if guys like Bruce go around saying the algorithm doesn't matter? If the industry doesn't step up, or pundits step in with more sincerity, the government will probably have little choice but to regulate.
"How will they find meaningful guidance if guys like Bruce go around saying the algorithm doesn't matter?"
Having read the article I think you are being a little unkind.
Bruce set the comment he made in a context of it not being the weakest link in the chain by a large margin.
In this context he is correct that the biggest threats are as always humman complacency and physical access to a system.
Saddly they are the two things computer security can never ever solve and in tandum they will always trump any technical measure you care to put in place.
Your argument appears to boil down to,
"Bruce please don't say it that way as it will be used as a sound bite out of context".
And although I would agree with the sentiment as it is a recognition of the human condition in the modern world, it does not alter the fact that the point Bruce was making was entierly valid and correct.
If people actually stopped looking for "open cheque book" technical "silver bullets" solutions and actualy endevered not to made their "houses of straw" on "shifting sands" then we all would be a lot better of.
Perhaps as an analagy you should use the one of the driver who fell asleep at the wheel and blaimed the death and destruction they caused not on themselves but on the writer of the computer game they stayed up all night playing instead of sleeping...
I specifically excluded mobile media BECAUSE it benefits from encryption.
My question had to do with somebody physically accessing data in a spinning drive that was not removed through theft or for service (granted, those are real vectors where encryption will help).
My point wasn't that encryption isn't needed, just that someone will always chose a different route to get the data if it exists, and they frequently succeed.
I still maintain that none of the disclosed on-line breaches - from tjx to hannaford and all the way down the line against on-line systems- would not have been prevented by data at rest encryption. The attackers came in through privileged means - they didn't steal the drives and they didn't have backup tapes to work off of.
Consider that even the FBI use keyloggers to get pass phrases. Not matter what your encrypting scheme is, it won't beat that.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.