Crypto-Gram: September 15, 2006: The lesson, other than humility about human cognitive abilities, is that attackers often have far more persistence and commitment than defenders. Measures that work against persistent attackers (password rules, etc.) so annoy defenders they become impractical.
Human/Bear Security Trade-Off
I like this example from SlashDot: 'Back in the 1980s, Yosemite National Park was having a serious problem with bears: They would wander into campgrounds and break into the garbage bins. This put both bears and people at risk. So the Park Service started installing armored garbage cans that were tricky to open -- you had to swing a latch, align two bits of handle, that sort of thing. But it turns out it's actually quite tricky to get the design of these cans just right. Make it *too* complex and people can't get them open to put away their garbage in the first place. Said one park ranger, "There is considerable overlap between the intelligence of the smartest bears and the dumbest tourists."'
It's a tough balance to strike. People are smart, but they're impatient and unwilling to spend a lot of time solving the problem. Bears are dumb, but they're tenacious and are willing to spend hours solving the problem. Given those two constraints, creating a trash can that can both work for people and not work for bears is not easy.
Friday, September 15, 2006
We are quicker than most animals at solving most problems, but the gap is not as large as we often think ... (yes, this smells like an urban legend, but I liked Schneier's comment on persistence ...)