This position — that the adversary knows your system as well as you do, if not better, as soon as it is stood up — while extreme, led to the creation of large number factorization, the basis for all modern encryption, from PGP to RSA tokens. Under these encryption schemes, as long as the key is kept private, someone can know everything about how the security system works and still not be able to crack it.
Coincidentally, our CTO and I were having a conversation along these lines just yesterday. It's a thrill a minute at SecurLinx!
To get to a place of true cybersecurity, another stark innovation in thinking is needed. What is needed is an Inverse Shannon's Maxim: the user knows nothing.
Wednesday, April 15, 2015
True cybersecurity requires a conceptual shift
The user knows nothing: Rethinking cybersecurity