Carl Malamud: Internet Talk Radio, flame of the Internet.

This is Geek of the Week. We’re talk­ing to Steve Crocker. He’s Vice President at Trusted Information Systems and the new mem­ber of the Internet Architecture Board with the secu­ri­ty port­fo­lio. Welcome to Geek of the Week, Steve.

Steve Crocker: Thank you very much. I should say that the IAB does not have those spe­cif­ic slots, and John Romkey, who’s been inter­viewed here before, and Mike Saint Johns in par­tic­u­lar, have very strong secu­ri­ty inter­ests as well. So I’ll cer­tain­ly try to do my part on the IAB with respect to secu­ri­ty but I expect to have—

Malamud: But before you were kicked upstairs you were the IESG Area Director for secu­ri­ty.

Crocker: Yes, that’s right. I was the IESG’s Area Director for secu­ri­ty.

Malamud: I’d like to know the dif­fer­ence between the Clipper Chip, DSS, and RSA. So why don’t we start with the Clipper chip, and you can tell us what that is and what the oth­er com­po­nents of Clipper are.

Crocker: Ah. An inter­est­ing col­lec­tion of top­ics. I need to back up just a lit­tle bit in order to put all of this into per­spec­tive. What you’ve named—Clipper, DSS, and RSA—are cryp­tog­ra­phy tech­nolo­gies. And cryp­tog­ra­phy is used for sev­er­al inter­re­lat­ed but some­what dis­tinct pur­pos­es. The most obvi­ous use of cryp­tog­ra­phy is to scram­ble infor­ma­tion so that it can’t be seen by any­body except the sender and the intend­ed receiv­er. Cryptography is also used for a sig­na­ture process so that the per­son who receives a dig­i­tal­ly signed mes­sage can be assured that it came from the per­son who sent it instead of from some­body else who’s forg­ing a mes­sage.

Malamud: So you scram­ble a mag­ic cook­ie and if you can describe it it must’ve been from you because you’re the only one who can scram­ble it.

Crocker: Precisely. And there’s yet anoth­er close­ly relat­ed but again some­what dis­tinct aspect, which is to make sure that the mes­sage that was received is an untampered‐with or unmod­i­fied copy of what was sent. And again this involves some use of cryp­tog­ra­phy, prin­ci­pal­ly involv­ing a cryp­to­graph­ic check­sum so that it’s impos­si­ble to mod­i­fy a mes­sage and cre­ate the same cryp­to­graph­ic check­sum, and that if the mes­sage is mod­i­fied the receiv­er can detect it.

Now, those are three dif­fer­ent secu­ri­ty ser­vices, and then I need to add one more piece of com­plex­i­ty, what’s called sym­met­ric ver­sus asym­met­ric cryp­tog­ra­phy.

The Clipper chip is a form of sym­met­ric cryp­tog­ra­phy. That means that the same key is shared by the sender and the receiv­er. And the sender uses the key to ini­ti­ate the scram­bling process, and the receiv­er uses the key—the same key—to descram­ble the mes­sage. And in this respect, Clipper is an alter­na­tive to the long‐used Data Encryption Standard, DES, that has been around for close to twen­ty years and has been a fed­er­al infor­ma­tion pro­cess­ing stan­dard.

Malamud: So Clipper is, if I might over­sim­pli­fy, is a hard­ware replace­ment for the soft­ware DES, although DES could’ve been put in hard­ware.

Crocker: Yeah. Actually, the orig­i­nal FIPS spec­i­fi­ca­tions tend­ed to avoid soft­ware imple­men­ta­tions and insist that DES be in hard­ware or at least in ded­i­cat­ed micro­proces­sors. But DES is wide­ly imple­ment­ed in soft­ware, as you say. Clipper is intend­ed as a replace­ment for DES, and of course the thing that makes Clipper of great inter­est and con­cern is that in addi­tion to pro­vid­ing the scram­bling process it also has this sort of escrowed key idea. Which means that in the process of using it, the key that you use is encod­ed in a way that the US fed­er­al gov­ern­ment can inter­cept if they want and decode that mes­sage because the keys are car­ried with the mes­sage, or have to be for­ward­ed in advance, actu­al­ly. And in for­ward­ing them, they’re encod­ed in a way that… They’re encrypt­ed with yet anoth­er key. And the key that they’re encrypt­ed with is this escrowed key that is cre­at­ed at the time the chip is cre­at­ed and is stored away in a vault some­where. And the intend­ed oper­a­tion is that under fed­er­al court order are appro­pri­ate legal safe­guards sur­round­ing that. The key that unlocks the key that the user has cho­sen is obtain­able and usable by fed­er­al author­i­ties, or per­haps the local law enforce­ment authorities—it’s not entire­ly clear what the pro­ce­dures will be.

Malamud: So this is a sym­met­ric key sys­tem. Basically we share a secret—you know it, I know it—and because we both have it we’re able to decode the traf­fic. How do we share that secret? How does Clipper let you know the secret that we want to use for this par­tic­u­lar con­ver­sa­tion?

Crocker: Clipper doesn’t involve… Clipper by itself doesn’t have that par­tic­u­lar mech­a­nism. You have to do some­thing else. But in the process of syn­chro­niz­ing the two, you sort of have to make clear what key you’re using. And you do it in a way that as I say, it’s encrypt­ed but only peo­ple who have access to the key that the Clipper chip was man­u­fac­tured with. And each Clipper chip has its own dis­tinct key but in the process of com­mu­ni­cat­ing that key across, the iden­ti­ty of the Clipper chip—of that par­tic­u­lar chip, its ser­i­al num­ber if you will—is dis­closed. And then by look­ing in this vault you can com­pare the ser­i­al num­ber and find the key that goes with that.

Let me move quick­ly to the oth­er ques­tions that you asked because I think it’s impor­tant to under­stand the oth­er pieces. You asked about the Digital Signature Standard and you asked about RSA. These are what are called asym­met­ric, or more com­mon­ly pub­lic key, tech­nolo­gies. And pub­lic key tech­nol­o­gy has this pecu­liar and real­ly excit­ing idea that there are a matched pair of keys. Instead of a sin­gle key being shared by both par­ties, there are two dif­fer­ent and dis­tinct keys. One is used by the sender and one is used by the receiv­er. And the math­e­mat­i­cal process that’s used to cre­ate the pair of keys makes them a mat­ed pair. And when used for encryp­tion, the sender uses the first key and the receiv­er uses the sec­ond key. The sender encrypts and the receiv­er decrypts, but the the sender can­not, and nobody else can decrypt the mes­sage because they’ve only used the encrypt­ing key.

And so the way that’s used is if I want to send a mes­sage to you, you have a matched pair of keys and you make one half of that, you make one of those avail­able for every­body to know. And that’s what you call your pub­lic key. And you have a match­ing one that you keep pri­vate and you don’t let any­body else know. Anybody who wants to send infor­ma­tion to you so that only you can read it will use your pub­lic key. And they will encrypt the mes­sage using your pub­lic key and then send it to you. You will have the pri­vate key and you will be able to decrypt that mes­sage using your pri­vate key.

The same idea applies in reverse with a dig­i­tal sig­na­ture. Again, using pub­lic key tech­nol­o­gy there’s a matched pair of keys. In this case the sender has a pair of keys. He uses one that he uses pri­vate­ly, and he uses that to sign the mes­sage. And he makes avail­able his pub­lic com­po­nent. Everybody who wants to know whether or not that mes­sage was signed by that per­son gets a hold of the pub­lic com­po­nent and uses it to check the sig­na­ture. So there’s two uses of pub­lic key tech­nol­o­gy. And in both cas­es you have one par­ty keep­ing one half of the infor­ma­tion pri­vate and mak­ing the oth­er half pub­licly avail­able.


Malamud: Steve Crocker, we’ve been talk­ing about pub­lic key, and there are sev­er­al vari­ants of pub­lic key sig­na­ture stan­dards. There’s RSA and there’s DSS. Maybe you can explain what the dif­fer­ences between the Digital Signature Standard and RSA.

Crocker: Right. As I’ve described, there’s two uses of pub­lic key tech­nol­o­gy. One is an encryption‐oriented, and the oth­er is sig­na­ture. Now we come to a most pecu­liar and most inter­est­ing phe­nom­e­non.

There are mul­ti­ple algo­rithms avail­able for pub­lic key tech­nol­o­gy. The one that is most wide­ly used and most pop­u­lar, and far and away preva­lent in the mar­ket­place and has very nice tech­ni­cal prop­er­ties is the RSA algo­rithm. RSA stands for the three inven­tors, Rivest, Shamir, and Adleman. And because it’s also the name of the algo­rithm and then there’s a com­pa­ny, RSA Data Security, the term RSA seems to be used for both the algo­rithm and the com­pa­ny, and some­times even to refer to the inven­tors.

Malamud: And this is a set of patents as well.

Crocker: That’s right. This pub­lic key tech­nol­o­gy is patent­ed. There are mul­ti­ple patents gov­ern­ing dif­fer­ent parts of pub­lic key tech­nol­o­gy and in par­tic­u­lar there’s one for the RSA algo­rithm.

The inter­est­ing phe­nom­e­non relat­ed to the RSA algo­rithm and is not shared with some of the oth­er algo­rithms is it is use­ful for both encryp­tion and for dig­i­tal sig­na­ture. That is they are two dis­tinct uses and this sin­gle algo­rithm is use­ful for both of those. And there’s an amaz­ing and some­what inter­est­ing sto­ry that then devel­ops from that. But I’m get­ting ahead of myself a lit­tle bit.

The Digital Signature Standard, or the Digital Signature Algorithm, which the US gov­ern­ment is seek­ing to turn into a fed­er­al stan­dard, is anoth­er pub­lic key algo­rithm. And it is use­ful only for sig­na­tures and is not use­ful for encryp­tion.

Malamud: Why is that?

Crocker: Well, I don’t want to dig down too far into the tech­ni­cal details of this, but the broad overview is that the process of check­ing the sig­na­ture yields a result that says, Yes, I know that that was signed by some­body,” but it doesn’t trans­fer any infor­ma­tion. The com­pu­ta­tion results in a yes or no process and it doesn’t trans­fer any infor­ma­tion.

The RSA algo­rithm, in con­trast, trans­fers a cer­tain amount of infor­ma­tion and that infor­ma­tion can be used either to ini­ti­ate an encryp­tion process. And it can also be used in a sig­na­ture mode because you check whether or not the infor­ma­tion that got trans­ferred that way is equiv­a­lent to anoth­er piece of infor­ma­tion which is inher­ent in the mes­sage. But the the Digital Signature Algorithm has this oth­er prop­er­ty where no new infor­ma­tion oth­er than a sin­gle yes or no com­pu­ta­tion is trans­ferred

Now, it turns out that encryp­tion tech­nol­o­gy is viewed as a very sen­si­tive sub­ject by gov­ern­ments in gen­er­al, by the US gov­ern­ment in par­tic­u­lar. It’s viewed as a crit­i­cal mil­i­tary tech­nol­o­gy. And it is treat­ed for export pur­pos­es the same as machine guns, and nuclear weapons, and sub­ma­rine tur­bines and oth­er high tech­nol­o­gy, militarily‐relevant issues. It’s list­ed on the International Traffic in Arms Regulations list of con­trolled muni­tions. And the—

Malamud: All cryp­tog­ra­phy or cer­tain algo­rithms? Are they specif­i­cal­ly list­ed or can you just…is there a blan­ket…?

Crocker: Cryptography as a sub­ject is list­ed. The spe­cif­ic algo­rithms are then sub­ject to reg­u­la­tion by state depart­ments, by the defense depart­ment, and by the com­merce depart­ment in sort of an inter­lock­ing set of reg­u­la­tions. But the crit­i­cal fac­tor is that cryp­tog­ra­phy as a sub­ject is first and fore­most treat­ed as a mil­i­tary tech­nol­o­gy, and then if the algo­rithms are suf­fi­cient­ly benign, then they are passed over to com­merce for reg­u­la­tion as gen­er­al trade issues the same as every­thing else is regulated—apparel and fruits and every kind of oth­er thing. But the first test before you can export some­thing is are we giv­ing away tech­nol­o­gy which would help for­eign gov­ern­ments or for­eign nation­als of any sort—terrorists or oth­ers,” and cryp­tog­ra­phy is treat­ed as a very sen­si­tive sub­ject.

And with­in the gen­er­al realm of cryp­tog­ra­phy, encryp­tion is con­sid­ered to be far more sen­si­tive and far more impor­tant to con­trol than oth­er uses of cryp­tog­ra­phy such as authen­ti­ca­tion and pro­tec­tion of integri­ty. So if you want to export some soft­ware or hard­ware that con­tains cryp­tog­ra­phy, and if it only con­tains authen­ti­ca­tion and integri­ty con­trols, then it’s far eas­i­er and the reg­u­la­tions are make it much eas­i­er to export that, to sell that, almost with­out lim­i­ta­tion.

On the oth­er hand if it con­tains encryp­tion tech­nol­o­gy, so that it scram­bles data and pre­vents some­body from see­ing the infor­ma­tion, that’s very tight­ly con­trolled. And the short descrip­tion of the rules, and with the usu­al caveats that I’m not a lawyer work­ing in this area—I’m not a lawyer at all and I’m not work­ing in this area that way. But the basic com­mon sense of this is that if the cryp­tog­ra­phy is strong enough, and DES for exam­ple is strong enough, then you can­not get a gen­er­al pur­pose license to ship it any­where out­side the United States and Canada. And you can get a spe­cial pur­pose license to ship it to sub­sidiaries of US multi­na­tion­als and to finan­cial insti­tu­tions. But gen­er­al com­mer­cial use of high‐grade cryp­tog­ra­phy is pro­hib­it­ed out­side the US and Canada. Inside the US and Canada, things are wide and open and any­body can make any­thing they want and sell it any­where they want.

Now, that brings us back to the RSA sto­ry. RSA is a very ele­gant, and sim­ple, and clean, and effec­tive, and broadly‐used algo­rithm. But because it’s use­ful for both encryp­tion as well as for sig­na­tures, this has trig­gered a con­sid­er­able amount of inter­est inside the US gov­ern­ment and they are con­tin­u­ing to go to con­sid­er­able effort to slow down the spread of encryp­tion tech­nol­o­gy. And their strat­e­gy has been to invent and bring out a new sig­na­ture algo­rithm with the intent of divid­ing the mar­ket and attempt­ing to lim­it the use of RSA tech­nol­o­gy.

Malamud: So that’s DSS.

Crocker: That’s right.

Malamud: And DSS is a…does that some­how tread on the patents from RSA? Is there an inter­lock­ing patents issue here?

Crocker: Well, that’s anoth­er excel­lent ques­tion. DSS, because it’s a pub­lic key tech­nol­o­gy, does indeed require access to the exist­ing patents. And in addi­tion, not only does it require access to the basic pub­lic key tech­nol­o­gy patents, but the par­tic­u­lar algo­rithm that they invent­ed turns out to make use of the same ideas that a German inven­tor, Schnorr, also patent­ed him­self. And the Schnorr patent has now been acquired by Public Key Partners, which con­trols the oth­er pub­lic key tech­nol­o­gy patents.

And so the US gov­ern­ment is in this extreme­ly awk­ward posi­tion of hav­ing invent­ed an algo­rithm, and I think they’ve obtained a patent on it them­selves. But they’ve only obtained a patent on the por­tion that’s new. Meanwhile it rests on patent­ed tech­nol­o­gy by Schnorr and by the oth­er pub­lic key tech­nolo­gies. And so they now have to find a way to license it. And there’s been quite an out­cry.

So the the US government’s caught in mul­ti­ple ways on this. First of all they’re try­ing to invent a algo­rithm that serves no tech­ni­cal pur­pose except to under­mine and divide the mar­ket­place that has already got a solu­tion to this in the form of the RSA algo­rithm. And sec­ond of all, they’re try­ing to make avail­able as a pub­lic stan­dard a tech­nol­o­gy that they don’t have clean and unham­pered rights to.


Malamud: Let’s talk about secu­ri­ty in the Internet, and how do you secure a general‐purpose infra­struc­ture? You’ve been involved in this area of study for a long time. Do we have an idea on how to secure the Internet now?

Crocker: Yes, not only do we have an idea, we have lots of ideas. And I should say first of all that the idea of secur­ing the Internet is not a sin­gle, uni­form, one‐shot process. There’s not a sin­gle thing that you could do that [crosstalk] would bring you a high degree of—

Malamud: No just turn the key and say we’re done.

Crocker: No, there’s no turn­ing the key. There are many aspects of secur­ing the Internet. You know, so we’ve described there’s dif­fer­ent aspects of secu­ri­ty relat­ed to pro­tect­ing the pri­va­cy or con­fi­den­tial­i­ty of infor­ma­tion while it’s being trans­mit­ted. And entire­ly dif­fer­ent issue of of pro­tect­ing the integri­ty to assure that some­thing hasn’t been tam­pered with or if it has that you can detect it.

Malamud: So secu­ri­ty is many lay­ers and many dif­fer­ent pro­to­cols.

Crocker: Multi‐faceted, mul­ti­ple aspects of what’s meant by secu­ri­ty. And of course one of our biggest con­cerns is mak­ing sure that com­put­ers don’t get bro­ken into on the net­work.

At the same time, the Internet con­sists of a lot of dif­fer­ent parts. One might try to pro­tect the trans­mis­sion of infor­ma­tion going across the net­work. And at the same time, one would like to make sure that the infrastructure—the routers and the trans­mis­sion lines and so forth—can’t be tam­pered with, there­by bring­ing down the net­work. I mean, one of the most ter­ri­ble things we could imag­ine is that some­body might pen­e­trate enough of the net­work to inter­rupt the flow of infor­ma­tion and bring the whole net­work down, irre­spec­tive of whether or not they got into any of the end sys­tems on the net­work.

Malamud: Does that mean authen­ti­cat­ing router exchanges so that one router knows that it’s real­ly the oth­er router it’s talk­ing to?

Crocker: Certainly one of the most sen­si­tive aspects is the rout­ing infor­ma­tion that the routers use to know how to direct one pack­et to move across the net­work to get to where it’s going. And pro­tect­ing rout­ing infor­ma­tion is absolute­ly essen­tial to that. We’ve been for­tu­nate so far in that there have not been any inten­tion­al dis­rup­tions of rout­ing mech­a­nisms. There have been a num­ber of acci­den­tal events over the past twen­ty years that have brought down par­tic­u­lar net­works for short peri­ods of time.

Most of the secu­ri­ty issues where we’ve seen any kind of inten­tion­al activ­i­ty has been direct­ed at the end systems—people break­ing into spe­cif­ic com­put­ers around the net­work. And the most recent vis­i­ble flur­ry of events has been har­vest­ing of pass­words using Ethernet‐sniffing pro­grams. And that’s caused a great deal of con­cern.

Malamud: Well, let’s look at that issue right there. The prob­lem there was a net­work device that you would use on occa­sion to put your Ethernet con­troller into promis­cu­ous mode so you can look at your Ethernet and see what’s going on. It’s a clas­sic debug­ging tool. And what hap­pened is peo­ple would come in from the out­side, steal an account, sit there and use tools this tool as a way of har­vest­ing pass­words. Do we have solu­tions avail­able to stop that kind of an attack?

Crocker: Yes. I think your descrip­tion is right. And the oth­er ques­tion is well, what can we do to stop this. And I think there are two things that have to be done to stop this. First of all, we’d like com­put­ers to be pro­tect­ed enough so that peo­ple are not break­ing in and tak­ing them over and run­ning the snif­fer pro­gram and cap­tur­ing all the infor­ma­tion that’s going by.

One of the things that’s made this par­tic­u­lar flur­ry of inci­dents more impor­tant than in the past— And it’s prob­a­bly impor­tant to empha­size that this kind of attack is not brand new, but this is sort of a worse case than we’ve seen in the past. The rea­son it’s been some­what worse is that the attacks have tak­en place not only on local area net­works with­in a sin­gle orga­ni­za­tion, but cer­tain crit­i­cal com­put­ers that were sit­ting on Ethernets in the mid­dle of cross‐country or inter­na­tion­al traf­fic points were bro­ken into. And so the traf­fic that was acces­si­ble was orig­i­nat­ed at quite some dis­tance away and was head­ed at some fur­ther remote point, and so pass­words were har­vest­ed not only for locally‐available machines but for machines all over the world.

Certainly strength­en­ing the oper­a­tion of those class of machines, the ones that are oper­at­ed by region­al net­works and that are sit­ting in crit­i­cal points in the oper­a­tions, those can be strength­ened very eas­i­ly. That’s main­ly a mat­ter of atten­tion and dis­ci­pline and height­ened aware­ness.

Now, that’s one aspect and I think that’s rel­a­tive­ly straight­for­ward. But that’s only a first step. A much more impor­tant step is a real­iza­tion that send­ing pass­words in the clear over the Internet is a dead idea. That’s just an idea whose time has passed.


Crocker: A one‐time pass­word is some­thing that you use once and then you don’t use it again. And then the nat­ur­al ques­tion is well, what do I do the next time that I have to log into a remote machine? And the answer is you have anoth­er one‐time pass­words. So you have a list of them, and each time you use one you cross it off.

Malamud: So you take this list and you print it out onto a piece of paper and you tack it up on the wall next your com­put­er?

Crocker: Well, in fact that is one of the ways to do it, and that’s a lit­tle clum­sy and seems a lit­tle odd but it’s a work­able sys­tem. I’ll come back to that in a sec­ond. Let me shift over to a anoth­er class of things that’re called challenge‐response sys­tems. It’s now mod­er­ate­ly com­mon to be able to use a lit­tle cal­cu­la­tor device, and things work this way: I want to log into a remote com­put­er. I have an account on that com­put­er. I iden­ti­fy myself—I say crock­er,” and back comes not a request for my pass­word, but a num­ber is typed out at me. And that num­ber is a ran­dom num­ber that is dif­fer­ent every sin­gle time that I try to con­nect. So that’s where part of the secu­ri­ty comes from, is the fact that this num­ber changes every sin­gle time. If some­body were watch­ing this they would not learn any­thing from watch­ing one exchange.

Malamud: Okay, so that’s the chal­lenge. The chal­lenge is some unique ran­dom num­ber.

Crocker: Right. I take that ran­dom num­ber, and I key it into this lit­tle cal­cu­la­tor device. And in the win­dow of this cal­cu­la­tor device is the answer. Now, what’s hap­pened is inside this cal­cu­la­tor device is a secret num­ber, [crosstalk] like a pass­word.

Malamud: Like my RSA pri­vate key, maybe.

Crocker: No, it’s not— It doesn’t have to be as com­pli­cat­ed as that. It’s more typ­i­cal­ly a DES key, and it just trans­forms the chal­lenge into the response. And of course at the oth­er end, the com­put­er that I’m try­ing to log into—the host—it has the same secret num­ber. And it’s done the same trans­for­ma­tion. So then I respond with this trans­formed num­ber, this response, and it checks to see if it’s what it’s expect­ing.

Because the chal­lenges are dif­fer­ent every sin­gle time, sim­ply record­ing the chal­lenge and response if some eaves­drop­per were doing that, wouldn’t teach him any­thing. And fur­ther­more, there isn’t any way to dis­cov­er what the secret was by look­ing at the chal­lenge and response pair. This is very impor­tant. One could record the chal­lenge, one could record the response; if the trans­for­ma­tion process were suf­fi­cient­ly sim­ple, one could look at that pair and derive what the secret is but it’s a part of the cryp­tog­ra­phy that you can’t fig­ure out what the secret is just from look­ing at an input and out­put pair.

Malamud: It sounds like we have tools. We have pub­lic key, we have challenge‐response sys­tems. How long before the Internet becomes a safe place to live and work? Or is it a safe place to live and work now?

Crocker: Well it’s not as dan­ger­ous as one might gath­er from press reports, but it’s def­i­nite­ly not as safe as it could be. How long” is the kind of ques­tion that is a very very tough to answer. It depends—

Malamud: Are we going to see short‐term dra­mat­ic improve­ments in Internet secu­ri­ty, or is this some­thing we’re going to be wait­ing for years and years?

Crocker: I think your point is right, that the basic tech­nol­o­gy is in hand. It has not been as usable as it could be. It has not been fold­ed into the prod­ucts, and I must admit it has not been fold­ed into the pro­to­cols as quick­ly as it should have been. In the pro­to­col process we’ve con­cen­trat­ed per­haps too much on high‐end pro­to­cols and more much more com­plex things. I would like to see auto­mat­ic one‐time pass­word mech­a­nisms or challenge‐response mech­a­nisms built into tel­net pro­to­cols and FTP pro­to­cols. Many of us trav­el with lap­tops; there’s no rea­son why those com­pu­ta­tions couldn’t be done in the lap­top, trans­par­ent to the user.

User‐friendliness, usabil­i­ty, are key issues with respect to secu­ri­ty and it’s a very typ­i­cal kind of trade‐off that where secu­ri­ty gets in the way of usabil­i­ty, secu­ri­ty is usu­al­ly jet­ti­soned. That helps sales in the short run but it doesn’t improve secu­ri­ty for the total net­work envi­ron­ment.

Malamud: But you think we have the tools that we can begin doing this.

Crocker: Yeah. I would hope that over the next twelve to eigh­teen months, and here it is, the tail end of March of 94 that I’m talk­ing so let me go on the record. Let’s see, first of April is the begin­ning of a new quar­ter. So if we roll for­ward eigh­teen months then we’re talk­ing about first of October, 1995. It might be inter­est­ing to ask what is the state of secu­ri­ty with respect to the kind of pass­word attacks and relat­ed things that we’ve seen? And maybe we’ll all be sleep­ing bet­ter or maybe the sit­u­a­tion won’t be any bet­ter and I will be prop­er­ly cha­grined about how hard this prob­lem has been to tack­le.

Malamud: Well there you have it. We’ve been talk­ing to Steve Crocker. This has been Geek of the Week.


Malamud: This is Internet Talk Radio, flame of the Internet. You’ve been lis­ten­ing to Geek of the Week. You make cof­fee this pro­gram to any medi­um and change the encod­ing, but may not alter the data or sell the con­tents. To pur­chase an audio cas­sette of this pro­gram, send mail to radio@​ora.​com. Support for Geek of the Week comes from Sun Microsystems. Sun, the net­work is the com­put­er.

Support for Geek of the Week also comes from O’Reilly & Associates, pub­lish­ers of The Global Network Navigator, your online hyper­text mag­a­zine. For more infor­ma­tion, send mail to info@​gnn.​com. Network con­nec­tiv­i­ty for the Internet Multicasting Service is pro­vid­ed by MFS Datanet and by UUNET Technologies.

Executive Producer for Geek of the Week is Martin Lucas. Production Manager is James Roland. Rick Dunbar and Curtis Generous are the sysad­mins. This is Carl Malamud for the Internet Multicasting Service, town crier to the glob­al vil­lage.


Help Support Open Transcripts

If you found this useful or interesting, please consider supporting the project monthly at Patreon or once via Square Cash, or even just sharing the link. Thanks.