Security Design 101 Rules
Peter Fairbrother
zenadsl6186 at zen.co.uk
Mon Jun 22 19:39:45 BST 2009
I haven't finished writing/compiling the security design 101 rules yet,
but so far:
Rule 1: Don't underestimate the enemy, they are cleverer and more
determined than you think.
Rule 2: Keep it simple, simple limits where the enemy can attack.
Rule 3: Limit the people who can access your secrets, only they can
steal them.
Rule 3 alternative wording : Limit the people you trust, only they
can betray you.
Rule 4: Protect plaintext first, it's more valuable to the enemy than
ciphertext.
Rule 5: The enemy can think out-of-the-box, you must do so as well.
Rule 6: A security system which isn't used isn't useful, so make it
cheap and easy to use.
Rule 7: You must consider the positions of everybody involved, both
enemies and friends.
Rule 8: Information is not a thing, it can be stolen and still be there.
Suggestions gratefully accepted.
Peter Fairbrother
More information about the ukcrypto
mailing list