S.W. Smith.
"Fairy Dust, Secrets and the Real World"
IEEE Security and Privacy.
1:89-93. Jan/Feb 2003.


In an invited talk at a recent security conference, a noted member of our field's old guard derided cryptography as "fairy dust," which we sprinkle on our protocols and designs, hoping it magically will make them secure. While I am not sure I share his conclusions in general, I do share some of his cynicism. Too many of us believe breaking RSA is at least as hard as factoring, when it's the other way around: breaking RSA is no harder than factoring (and it might even be easier). Furthermore, when designing security protocols and systems that use these properties, we depend too often on fairy dust: critical properties that we uncritically assume to be unassailable.

One of these critical assumptions is that secrets remain secret.



In a subsequent essay in this series, I included the following clarification:

In the premiere of this department (Threats Perspectives, January/February 2003, p. 89) I used a "fairy dust" metaphor for cryptography (we hope that it magically makes the protocol work), and cited a talk by an anonymous member of our field's old guard. The old-guard member I had in mind was Roger Schell, whose invited talk "Information Security: Science, Pseudoscience, and Flying Pigs" (at the 2001 ACSA/ACM Annual Computer Security Applications Conference) skewered many aspects of modern security work. I had not felt an explicit citation was appropriate because it was an off-the-cuff remark and the metaphor did not appear in his accompanying paper. In the interest of completeness, I must point out that the earliest published record of this metaphor is Bruce Schneier's discussion of "magic security dust" on page xii of Secrets and Lies (John Wiley, 2000). It's a good metaphor; my kudos to Bruce for thinking it up.

