OK, my name is Richard Smith, and it's a common name. My wife's name, however, isn't especially common. The combination of the two is even rarer. A party traveling by air matching those two names is even rarer.
Some web sites insist on as much control over our passwords as they can get. They demand that we choose hard-to-remember passwords, they spread the login over several pages, and they refuse to accept password text through autofill or even copy/paste. This is supposed to reassure us, I guess, the way that shoe removal reassures everyone at the airport.
This is a follow-on to my "Grade School Crypto" introduction to the fundamentals of cryptography. While constructing examples from my class, I came across a nice little web site called "Count On" that includes a page of basic crypto tools.
About 20 years ago, I worked with a fellow who proudly told me that he had once written a flawless piece of software. He kept its inch-thick line printer listing as a shrine in his cubicle. I never asked him for details, because he got angry when people questioned his judgement on computing. After all, he had once been in a panel discussion with Grace Hopper!
I have my own Grace Hopper stories, but today's interesting panel discussion took place earlier in December at the 2013 ACSAC in New Orleans. Roger Schell, a luminary in the annals of cyber security, declared that 1980s techniques had indeed created "bug-free software."
Last week I participated in a very geeky panel discussion about a now-defunct standard for computer system security: the TCSEC. I showed some charts and diagrams about costs, error rates, and adoption of government-
"After its evaluation, Multics never needed a security patch."
I admit I find this hard to believe, and it's not consistent with my own Multics experience. However, most of my Multics experience predated the evaluation. So I ask: does anyone know if Multics had a security patch after its B2 TCSEC evaluation?
I've probably written about this before, but I feel inspired to write out some details as I sit in this session at ACSAC.
I think the modern city is the perfect metaphor for modern software. Individual programs are entities (people, organizations) who exist in a city. Elements of the city (other programs) provide services and utilities. There is a level of confidence in the services and utilities, but all is at risk of disruption by natural disasters or by criminal acts.
It's always good to hear from an expert, especially an accurate one.
This article in The Register talks about "really secure" email service versus "almost secure" email service, using Lavabit as an example. Lavabit provided somewhat secure email service in that all emails were encrypted with a hefty secret key. But each key was itself stored on the email server, and encrypted with the owner's password.