Wednesday, June 17, 2015

Sweet Surrender?


"Gödel's Lost Letter..." offers a take today, "Security Via Surrender," which employs "judo" for the worsening problem of security in our digital world:
https://rjlipton.wordpress.com/2015/06/16/security-via-surrender/

The authors launch their case from this quotation of a martial arts disciple:
"...resisting a more powerful opponent will result in your defeat, whilst adjusting to and evading your opponent’s attack will cause him to lose his balance, his power will be reduced, and you will defeat him. This can apply whatever the relative values of power, thus making it possible for weaker opponents to beat significantly stronger ones."
They forgo the emphasis on "golden key" and secrecy approaches to security in favor of a "knowledge-based authentication" format. But in the end they also admit that "the bad news in all of this is that assuring one’s identity is becoming a battle and there seems to be no simple way to assure victory."

Indeed, can't help but be reminded here of the old Murphy dictum that, "It is impossible to make anything foolproof because fools are so damned ingenious."

