How I Was Wrong About Kerberos
Microsoft’s Active Directory includes a version of Kerberos that has had a bad reputation. There were problems several years ago, but the criticisms are now outdated. What was the problem, and how has it been fixed? Origins of Active Directory Windows 2000 was originally going to be called Windows NT 5.0. It was released in […]
How Will Vehicle-To-Everything (V2X) Communication Transform Your Car?
A casual mention of Vehicle to Everything, or V2X, in a mailing list, led me to a short article, and that led to much more. It made me aware of a project that may make huge changes to how we get around. Roads can measure cars in very limited ways today with inductive loops at […]
Cyber Security Requires Cautious Logic
If we don’t carefully distinguish between necessary and sufficient when we are analyzing information assurance systems, we may become dangerously confident in a system that is actually quite weak. This Isn’t A New Problem Cryptography enthusiast Edgar Allan Poe wrote, in “A Few Words On Secret Writing” in Graham’s Magazine in July 1841: “Few persons […]
Are Consumer Crypto Systems Too Hard To Use?
In a previous post, I summarized some academic papers in which prominent cryptographers and other security experts took a very skeptical look at current cryptography, both research and practical systems. It’s not just e-mail plugins and other desktop computer applications that can disappoint us. One of the papers showed that the APCO Project 25 two-way […]
Last week I explained why government-imposed backdoors cause more problems than they solve, and government-imposed weaknesses from the 1990s are still causing SSL/TLS security problems. Let’s see some of the other ways backdoors have spectacularly failed. This is nothing new The problem of insider abuse goes back to an era when letters and telegrams were […]