• “Briefly and simply, assurance work makes a user or a creditor more confident that the system works as intended without flaws, without surprises, even in the presence of malice.” … “The major shortfall is absence of assurance or safety mechanisms in software.  If my car crashed as often as my computer does, I’d be dead by now.”

    Brian Snow, Former Technical Director of the US National Security Agency (NSA), "We need Assurance", AusCERT 2008

  • "Today’s systems must anticipate future attacks. Any comprehensive system – whether for authenticated communications, secure data storage, or electronic commerce – is likely to remain in use for five years or more. It must be able to withstand the future: smarter attackers, more computational power, and greater incentives to subvert a widespread system. There won’t be time to upgrade it in the field."

    Bruce Schneier, "Why Cryptography Is Harder Than It Looks", 1997
  • “Never underestimate the attention, risk, money and time that an opponent will put into reading traffic.”

    Robert Morris, former Chief Scientist of the US National Security Agency (NSA), National Computer Security Center, "Crypto '95 invited talks by R. Morris and A. Shamir", 1995

quote: Sotirov et al, No excuse for using broken crypto

First and foremost, there is no proper excuse for continued use of a broken cryptographic primitive (MD5) when sufficiently strong alternatives are readily available, for example SHA-2. 

Secondly, there is no substitute for security awareness. Openness about security problems, vulnerabilities and technical possibilities is invaluable to make the Internet a safer place.

Advice from experts should be taken seriously and early in the process.

In this case, MD5 should have been phased out soon after 2004.

Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger, "MD5 considered harmful today - Creating a rogue CA certificate", December 2008

 
