In a slightly perverse way I almost enjoy watching the media reporting and reading the third-party pseudery blogging of people who’ve read [www.schneier.com] – it seems a year cannot now go by without someone saying that “MD5 is dead”, “SHA-1 is dead”, “RSA is dead” … each with some degree of academic justification that is rapidly inflated into a media terror.
The most amusing are the reports themed around the weird, possibly asocial academic (generally wrong, since in fact most cryppies are awfully well-rounded) who has by arcane means found a big, red, Sneakers-style “circumvent all the world’s cryptography and watch the planes fall out of the sky” mathematical switch.
Not all of them are that bad, but enough are.
Of course this is exactly the same sort of claptrap sometimes spouted by the media with regard to any other topic; the difference with this one being that I have a very good idea what is actually going on.
(sigh)
There is a mote of truth, however – the security industry should never get complacent; back in 1985 Robert Morris (he later of the misguided prank that became The Internet Worm) published “A Weakness in the 4.2BSD UNIX TCP/IP Software” [cm.bell-labs.com], which at the time and for some years afterwards was considered an “academic” weakness, one that was “too hard to exploit” in the real world.
I even remember hearing people tell me this – but even so, nine or so years after publication, Tsutomu woke up to an unexpected surprise.
So yes: that which can be conceived in the field of computing can generally be implemented; but so long as we are all using multiple, diverse and redundant tools from the set of algorithms, systems, and platforms that are available to us, no monster will be able to cut the world off at the knees.