Monday 21 July 2008

Judge gets it on security

The Dutch judge who has overturned the injunction stopping Radboud University revealing how they cracked the Mifare Classic chip said:

Damage to NXP is not the result of the publication of the article but of the production and sale of a chip that appears to have shortcomings.
Bruce Schneier said:
As bad as the damage is from publishing - and there probably will be some - the damage is much, much worse by not disclosing.

and then rightly pointed out that assuming that no criminals were exploiting this problem was a foolish position to take.

This is of course an analogue of the classic security position that encryption algorithms shouldn't be kept secret, they should be open for everyone to examine for flaws and only the key should be secret.

1 comment:

kevinjones said...

Kudos to the judge for prioritizing security! Acknowledging the importance of safeguarding, especially in legal settings, demonstrates a commitment to ensuring a secure and just environment.
Middlesex County Driving Without a License Attorney
Middlesex County Driving Without a License Lawyer