December 30, 2008
Systems Will Be Breached

Scott Merrill writes that:

At the 25th Chaos Communication Congress (CCC) today, researchers will reveal how they utilized a collision attack against the MD5 algorithm to create a rogue certificate authority.

As Scott says, this is pretty big news, so I encourage you to read his post and the paper describing the breach. He also writes that “affected CAs are switching to SHA-1”.

This episode immediately reminded me of a principle that Kim often espouses:

The way to design securely is to assume your system WILL be breached and create a design that mitigates potential damage.

I’ll leave it to others to debate whether CAs switching to SHA-1 is likely to be an effective mitigation in the long term and to discuss how long it will take before this particular breach has been worked around. But this sure provides (more) convincing evidence that designing systems with the assumption that they will be breached is essential to those systems’ robustness and long-term viability.

One Response to “Systems Will Be Breached”

  1. on 01 Jan 2009 at 11:43 pm #

    I hope that the mitigation of damage includes processes executed by carbon-based life forms instead of only processes automatically executed by silicon-based thingies. I.e. I hope nobody thinks the mitigation is a problem to be solved by software.

Trackback URI | Comments RSS

Leave a Reply

You must be logged in to post a comment.