
Re: Most People don't Think about Security



	 Safe manufacturers have said that improvements in safes (the metal
	 kind) were driven by insurance rates. A direct incentive to spend more
	 money to improve security (cost of better safe < cost of higher
	 insurance rate).

Have a look at Ross Anderson's paper ``Why Cryptosystems Fail'' from
the Fairfax conference.  He points out that one reason U.S. banks use
better security for their ATM cards than do U.K. banks is a difference
in the law:  in the U.S., the banks are (generally) liable for disputed
charges.  Again -- if you pay for failures, you worry about the security.

	 Personally, my main interest is in ensuring the Feds don't tell me I
	 can't have as much security as I want to buy. I don't share the
	 concern quoted above that we have to find ways to give other people
	 security.

We have to find ways to make strong security usable.  As you pointed out in
the part of your note that I deleted, banks couldn't deploy 10-digit
PINs even if they wanted to.  And if a bank can't deploy a strong security
system, then we -- who care about it -- can't use it.