From: Peter Gutmann
To: iang-AT-iang.org
Subject: Re: best practices considered bad term
Date: Mon, 02 Feb 2015 03:44:42 +1300
Cc: for-gmane-AT-mutluit.com, cryptography-AT-metzdowd.com, kentborg-AT-borg.org

ianG writes:

>As a wider philosophical question, is it even appropriate to promote or
>accept 'best practices' in the security world? Its presence is almost a
>complete proof that we're not doing security, we're instead participating in
>a rain dance or voodoo for purposes of avoiding security.

This is particularly the case for the "cryptography" subset of "security", for which "best practice" seems to be synonymous with, as Linus put it, "people wanking around with their opinions". In something like medicine we have evidence-based best practice, "don't discontinue your antibiotics until you've gone through the full course". In agriculture we have "don't overuse one type of fungicide or you'll end up with resistant strains".

In contrast, in crypto it's "Use ECC!" / "No, use RSA with an 8K key!" / "No, use AES-GCM!" / "No, use Poly1305-AES" / "No, use ECC but only with My Pet Curve!" / "No, use Ed25519" / "Camellia! Gost! Twofish! SEED! LIONs and Tigers and BEARs, oh my!", ignoring the fact that an attacker won't care what you do since they're exploiting a buffer overflow in some ancillary support library that you don't even know exists.

In medicine and agriculture we know from real-world experience that if you don't follow best practice (in the use of antibiotics, fungicides, whatever), bad things will happen. In the crypto world, if you don't follow best practice (pick someone's at random, it doesn't make much difference), chances are nothing will happen, and even if you do follow best practice, you'll probably get owned anyway because crypto won't stop anyone who wants to get in (see Shamir's Law; what I mean here is that if there's a way in then it won't involve breaking the crypto, an extended form of which is in this slightly NSFW poster: https://www.kiwicon.org/site_media/poster_shit.pdf).

So it's certainly a rain dance, but I wouldn't say it's for avoiding security, it's for avoiding liability, à la "no-one ever got fired for buying IBM".

Peter.