On Tuesday, the creators of the Diffie-Hellman key exchange, a cryptographic protocol, and two of the creators of EMC security division RSA gathered onstage for the annual cryptographers' panel at RSA 2008 in San Francisco.
First, panel members offered their perspectives on the state of security since last year, then they answered questions posed by a moderator. The panel included: Whitfield Diffie, chief security officer at Sun Microsystems; Martin Hellman, professor emeritus of electrical engineering at Stanford University; Ronald Rivest, professor of electrical engineering and computer science at MIT; and Adi Shamir, professor of computer science at the Weizmann Institute of Science in Israel. The moderator was by Burt Kaliski, founding scientist at RSA Laboratories.
Diffie began the discussion, saying that after 80 years, "we've gotten cryptography to a fairly good point," but added that "the Internet's a mess." He said that on the Internet, "defense--pure defense--simply doesn't work." He said that where it takes us months and years to secure something, it takes the opponent only hours. "They can run rings around us." He then mentioned that some in the government are starting to talk about going to where the opponents live and using a variety of means to shut them down.
Hellman showed a photograph of a glider flying over a runway. Himself a pilot, he said the greatest risk was executing a maneuver that most people consider 99.9 percent safe. Hellman said that "humans are not good in judging low-probability events," and cautioned against complacency. He said he hoped that the non-security world would reach a tipping point and start taking security seriously. (Malcolm Gladwell, author of The Tipping Point, is an RSA keynote speaker on Thursday.)
Rivest briefly mentioned Alan Turing, to whom this year's RSA conference is dedicated. Turing is best known for the Turing Test, a process that determines a machine's ability to demonstrate intelligence. What Rivest really wanted to talk about, however, was electronic voting. He said cryptography is relevant to creating end-to-end security. He's part of a group that has released a public proposal on voting system standards. One of the key parts is the definition of "dependent" and "independent" software on a voting system. He said software dependent is a category where a bug or a flaw could easily change the end result; this is along the lines of work done recently by Professor Ed Felten and his grad students at Princeton. Software independent is where the system doesn't entirely depend on the software and uses paper or some other means of capturing the vote. He favors voting systems that are software independent.
Shamir gave a short recitation of hacks within the last year or so on various cryptographic systems, mentioning in particular recent attacks on various municipal transit systems, such as Boston's Charlie Card and London's Oyster Card. Most curious, however, were his final comments about the adoption of Blu-Ray DVD discs by Warner Bros. He said he'd wondered about the tipping point in the Blu-Ray vs. HD DVD battle, and said he'd heard a rumor--and stressed it was only a rumor--that Blu-Ray had better security overall than HD DVD. If true, he said, security is finally starting to become a factor in consumer electronics.