Montag, 28. November 2005

My Encrypted Afternoon

Geschrieben von florian in my day um 05:26
Phew, I just attended a really promising talk by Dr. Radia Perlman (don't miss out her awards; she's also written two of the top 10 Networking reference books, according to Network Magazine) titled "how to build an insecure system out of perfectly good cryptography". I was a bit late, so I missed her introduction but as I knew about her cv a bit I was sure to hear some outstanding things. In fact I was a bit surprised to get to know her opinions on "web of trust"-models (aka the "anarchy model") but had a laugh listening to the "monopoly model" bashing Versign et al. Though it's a bit disappointing that such a personality had no better comments to the open source approaches than mentioning untrustable keychains. I felt like comparing apples and oranges - in my opinion there is not a big difference between checking persons' ids at "geeks' keysigning parties" and trusting somebody I can meet in person cause he works in the ca of my company. Well, except that my key might be signed by a lot of trustworthy people you know in person that are responsible enough to only sign keys of others they know as good. I felt reminded to one of Paul's talks on GBDE when she stated that she probably would sign anything when her children where kidnapped. Kidnapped to break crypto... way out of proportion to my use (so far).
However, at least she introduced some possibilites for larger communities and gave nice case studies comparing to kerberos and MS's domain controller approach. She also stated that there is no way to pass over public key encryption when you want to gain real secure environments. By the way, it was also funny listening to her thoughts on proofs of security and the meanings of breaking hash functions. It was kinda entertaining but not a real enrichment in terms of knowledge. Talking to her afterwards I could even give her some hints on googles page rank - I would like to know if she will mention that gimmick in her next talk on this. Well, on the whole there was no solution to the ever upcoming problem of trusting at least somebody, not that I had expected something alike.
Kommentare (2) | Trackbacks (0)

Trackbacks
Trackback für spezifische URI dieses Eintrags

Keine Trackbacks

Kommentare
Ansicht der Kommentare: (Linear | Verschachtelt)

Hi Florian,
I'm interested to know what you mean by "give her some hints on googles page rank"? Are you suggesting some form of trust that propagates similar to PageRank?

Great blog btw.
#1 Andrew Cunningham am 30.11.2005 03:22 (Antwort)
Hmmm, no, not that sophisticated. She wondered how long it might take till google gets exploited (or at least their page rank). She stated that search engines have so much power and that while today you will be able to find what you are looking for this might be different if people "break" the page rank. But ... as the algos behind that aren't real secrets this already happened. It's those funny and widely known things like googeling (shit, it really is a word) for "failure". I'm sure you know how that works, it's kinda easy to be done. Well, in fact I made a non it person explaining this special thing a few days ago (cheers Benni).
I told her and maybe she will be more careful with this now. I mean ... telling people what could happen in the future. She definitely missed something here.
#1.1 florian (Homepage) am 30.11.2005 05:33 (Antwort)

Kommentar schreiben

Umschließende Sterne heben ein Wort hervor (*wort*), per _wort_ kann ein Wort unterstrichen werden.
Standard-Text Smilies wie :-) und ;-) werden zu Bildern konvertiert.

Um maschinelle und automatische Übertragung von Spamkommentaren zu verhindern, bitte die Zeichenfolge im dargestellten Bild in der Eingabemaske eintragen. Nur wenn die Zeichenfolge richtig eingegeben wurde, kann der Kommentar angenommen werden. Bitte beachten Sie, dass Ihr Browser Cookies unterstützen muss um dieses Verfahren anzuwenden.
CAPTCHA
 
 
 
Powered by Serendipity | Template by Perun