[PYTHON-CRYPTO] AES in M2Crypto advice

Jason H. Smith jason at OES.CO.TH
Thu Jun 5 09:12:02 CEST 2003


On Thursday 05 June 2003 01:46 pm, Ng Pheng Siong wrote:
> IMHO, it is more important that the thief who steals the CEO's laptop
> or the subsequent black market buyer do not get access to the files on
> it.
>
> Install a crypto filesystem type thingy on the laptop and train the CEO
> to use it properly. Then just backup the disk image normally; sensitive

Surely.  But these days, that might be a tall order.  CEOs aren't known 
for openly accepting security technology (and its implied 
inconveniences).  So we'll start small; and when it dawns on him or her 
that the backups are more secure than the laptop itself, that's when we 
make our move!

But joking aside, I think your average corporate executive understands 
meatspace security much better.  For example, most will implement a good 
security system, perhaps with guards.  They will lock their office when 
they leave, and (presumably) they will never let their laptop out of 
their site, because they know how important it is.

But computer security is more mysterious and confusing, so I think it's 
harder for some executives to make a good informed decision (witness IIS 
deployment statistics).  That's why it's very important for crypto and 
security in general to be as user-friendly as possible as the mainstream 
world becomes dependent on it.  For example, bad passwords are human 
nature; and I think no amount of education will solve it.  That's why 
token-based authentication is smarter.  People know not to  lend out 
their credit card or house keys; and so they'll naturally guard their 
smart ID card for accessing the financial database or whatever.  
Personally, I can't wait for every PC to come with a smart card reader.

Anyway, that's enough OT for me for one day ;)

-- 
GPG: 03EE 9EB8 E500 874A F509  7B95 9B9A 84A1 26E9 4F79
http://www.ece.utexas.edu/~jhs/public_key.gpg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: signature
URL: <http://mail.python.org/pipermail/python-crypto/attachments/20030605/061c88cb/attachment.pgp>


More information about the python-crypto mailing list