• "Dropping support for a broken crypto primitive is hard in practice
    - but crypto can be broken overnight
    -     what do we do if SHA-1 or RSA falls tomorrow?"

    Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Wegerr, "MD5 considered harmful today - Creating a rogue CA certificate", December 2008
    Read more...

  • “We are a cyber nation. The U.S. information infrastructure--including telecommunications and computer networks and systems and the data that reside on them--is critical to virtually every aspect of modern life. This information infrastructure is increasingly vulnerable to exploitation, disruption, and destruction by a growing array of adversaries.”

    The National Coordination Office (NCO) for Networking Information Technology Research and Development (NITRD), Federal Register: December 30, 2008 (Volume 73, Number 250).

    Read more...

  • Florence Luy asks the question: "Is the writing on the wall for 1024-bit (RSA) encryption?"
    Dutch mathematician Hendrik Willem Lenstra: "The answer to that question is an unqualified yes."

    Florence Luy, Hendrik Lenstra, “A mighty number falls”, 21 May 2007, École Polytechnicque Fédérale de Lausanne

    Read more...
Home Resources Expert Opinions Information assurance quote: Brian Snow, Simple definition of assurance
quote: Brian Snow, Simple definition of assurance

Briefly and simply, assurance work makes a user or a creditor more confident that the system works as intended without flaws, without surprises, even in the presence of malice. … The major shortfall is absence of assurance or safety mechanisms in software. If my car crashed as often as my computer does, I’d be dead by now.

Brian Snow, Former Technical Director of the US National Security Agency (NSA), "We need Assurance", AusCERT 2008
 

Related Items