http://teh-win.blogspot.com/ has (as usual) an amusing read up, which
at one step harps on a point that I can't support enough: 0days !=
hacking. Almost all "real" hacking is done via transitive trust (thus
the same goes for pentests). 0days allow you to more quickly get
_some_ trust to exploit transitively, but the "real" work is done on
transitive trust. And transitive trust and "real" hacking get too
little credit at security conferences, mainly because any "real"
research here is by direct implication illegal ("... I wrote this worm
that exploits transitive trust ... and I have some empirical data on
its spreading capabilities *cough* ...").
Now I just need to find a dictionary that explains to me what "branler la
nouille en mode noyau" means ;)
posted by halvar.flake at 1:13 PM 4 comments
Publication Economics and Cryptography Research
Something I cannot stop wondering about is why historically there has been
so little published research on the cryptanalysis of block ciphers.
There seem to be millions of articles describing "turning some math
guy's favourite mathematical problem into an asymmetric crypto
algorithm" and a similar flood of "fair coin flipping if all
participants are drunk cats and the coin is a ball of yarn"-sort of
papers. All in all, there have been perhaps less than 20 REALLY
important papers in the analysis of symmetric crypto in ... uhm ... the
last 10 years (I count hashes as symmetric crypto here).
What's the reason for this?
First of all, symmetric crypto tends to not have a "nice" mathematical
structure. This changed somewhat with AES, but almost everything on
the symmetric side is rather ugly to look at. Sure, everything can be
written as large multivariate polynomials over GF(2), but that's just
a prettier way of writing a large boolean formula. So it's hard for
anybody in a math department to justify working on something that is
"like a ring, but not quite, or like a group, but not quite".
Secondly, starting to build a protocol or proposing a new asymmetric
cipher is something that a sane researcher (who has not yet earned
tenure) can do in a "short" window of time. Setting out to break a
significant crypto algorithm could very easily lead to "10+ years in
the wilderness and a botched academic career due to a lack of
publications". The result: if you haven't earned tenure yet, and want
to work in crypto, you work on the constructive side.
I find this to be a bit frustrating. I'd like to work on ciphers,
specifically on BREAKING ciphers. I seriously could never get myself
excited about defense. I wouldn't mind spending a few years of my life
on one cipher. But academically, and career-wise, this is clear
suicide.
Perhaps we should value "destructive" research more. From my personal
viewpoint, a break in a significant cipher is worth more than 20
papers on fair coin flipping in the absence of gravity. But when it