Security Engineering

A secure password does not make a system secure. No password – in fact, no authentication system – is entirely bulletproof. The key when designing a password-based access system, and choosing passwords, is to balance an equation. You must make the effort required to crack the password more valuable than the data the password protects. This will force the attacker to attempt another approach – there is no value in them continuing to try to break the password.

When laying barbed wire, we do not attempt to completely block access to the defended area (the enemy will just stay put and bring in tanks), unless we want to bring in enemy tanks (to, for example, ensure that they aren’t elsewhere!). We lay out barbed wire in a pattern that requires infantry to take a longer route in order to get in, in order that we can shoot at them more on their way. When laying barbed wire, there is never any doubt that the enemy will penetrate it, given enough effort.

When I tell people that no password is completely secure, and describe all that is above to them, they sometimes don’t believe me, or see the relevance. So here’s another example I came up with this morning:

When people install burglar alarms in their houses, they think they are doing it to prevent burglars. But this doesn’t work, otherwise the number of burglars would be expected to go down as the ratio of houses with burglar alarms has increased. No; a burglar alarm does not prevent burglars – what a burglar alarm does is makes the effort (in this case, the chance of getting caught) not worth the data protected (your TV, VCR, computer, etc.). So the burglar goes elsewhere – perhaps to steal less valuable stuff, but from somewhere that the effort is substantially lower. Burglar alarms don’t stop burglars – they redirect them.

But if the value of the data you’re protecting increases, then the equation disbalances, and it becomes worth the effort. If you start keeping stacks of gold bars in your living room, our burglar will probably risk getting caught to try to nab them. Or they might spend time getting the experience and equipment needed to disarm your alarm first. Or they might watch your daily patterns; see if you sometimes forget to arm the alarm, or maybe they’ll bribe your ex- to share with them the code.

There’s the basics of security engineering. Now, here’s the bit I missed:

Hackers are a very complicated set of people, of all manner of ages, disciplines, experience levels, and motivations. An important factor with many hackers is that, regardless of the possible value of the data, the effort taken to break into the system is irrelevant as a deterrent! Many hackers see more challenging systems as a ‘challenge’, and try to break into these systems just to prove that they can. Imagine your suprise when you find that your house has been broken into and all the gold bars in your living room have been autographed by some greyhat.

Now go change your passwords.


    Reply here

    Your email address will not be published. Required fields are marked *

    Reply by email

    I'd love to hear what you think. Send an email to; be sure to let me know if you're happy for your comment to appear on the Web!