Wednesday, December 17, 2008

How to really make something secure...

This is a little off my normal post of a simple how-to for this blog, but I saw this nice description of the real issues for making something secure from Perry Metzger and thought it was worth calling out.

This paragraph captures the gist:
The biggest problem in security systems isn't whether you're using 128 bit or 256 bit AES keys or similar trivia. The biggest problem is the limited ability of the human mind to understand a design. This leads to design bugs and implementation bugs. Design and implementation flaws are the biggest failure mode for security systems, not whether it will take all the energy in our galaxy vs. the entire visible universe to brute force a key.
I could not have put it better myself.

No comments:

Post a Comment