tag:blogger.com,1999:blog-21503568.post8367593161099078191..comments2023-11-03T06:32:28.410-04:00Comments on Staring At Empty Pages: A couple of things about StuxnetBarry Leibahttp://www.blogger.com/profile/14205294935881991457noreply@blogger.comBlogger1125tag:blogger.com,1999:blog-21503568.post-57219761033661562722010-10-18T05:25:42.314-04:002010-10-18T05:25:42.314-04:00"When the private keys are kept private, digi..."When the private keys are kept private, digital signatures that use current cryptographic suites are, indeed, secure. But..."<br /><br />This is a bit nitpicky of me, but... keeping the keys private is only one -- though arguably the most important one -- of several key assumptions that make crypto "secure" in a meaningful sense. Keys can also be too short, too easily guessed, or kept in a manner that makes them vulnerable to sniffers and other attacks that can make them cease being private at any moment. The point is simply that the much-vaunted security of cryptography is dependent on a number of assumptions, all of which are violated on occasion. <br /><br />It's nitpicky, but it's also important to stress that there's no single thing that makes crypto secure, and that our dependence on its security is always conditional on a number of subtle factors. Keeping the keys private is a big one, but there are lots of subtleties underlying even that key point.Nathaniel Borensteinhttps://www.blogger.com/profile/03232212556909107350noreply@blogger.com