Copyright © 2009 What The Hell? Security
This past April, I gave the keynote speech at the annual RSA conference. Huge venue, that Moscone Center is. All the bigger when you’re the only attendee. What’s that? Oh! I don’t mean that RSA. That one was crowded as hell. I mean the one on Religious Security Advice.
In the brilliant speech I gave to the standing room only crowd (I stood at a podium), I spoke of the pending arrival of Billion Bit RSA. That is, the Billionth Bit of Religious Security Advice. Brilliant visionary that I am, I predicted it would pertain to — get this — passwords. Was I dead on or what?
I know what you’re thinking. “Passwords? Why are we still beating that dead horse?” The answer is, of course, that horse, being a dictionary word, is a crappy password.
Which isn’t necessarily a bad thing. Using horse as a password, I mean, not equestrian beatings. If you don’t understand why, it’s because you aren’t thinking context.
Which is a huge problem when it comes to converting security heathens. In the security field, we can (and do) preach security commandments until we’re blue in the face, and in case you haven’t noticed, it ain’t working.
That’s because we don’t consider context. We fixate on those damn commandments as if they were the goal rather than the means to a goal. Which causes people to tune out rather than in. (Not that we’ve ever let that discourage us.)
So what’s the best way to get people to ante up their security tithes? Easy — offer them one piece of stay-out-of-hell advice:
- Don’t harm yourself.
That’s where all security thinking should start. It makes the whole issue a personal one, and it provokes lots of questions worth asking, whether you’re a naive Web surfer or a protocol engineer designing IPv7. Following best practices is important, but it’s the wrong place to start. It gives rebellion an immediate unnecessary toehold.
So using horse as a password? Use it all you like, so long as doing so doesn’t shoot off your big toe. It’s a password I use for something inane on my kids’ computer. It’s one I recommend to people who need one of no significance. Get it? Context. When you act in context, people will listen to you when it counts.
If you think I’m stating the obvious, ask yourself: Of the last ten security skeptics that you debated, how many were you able to convert in earnest? If the answer isn’t ten, you have a context problem. You aren’t relating with those people for where they are. Make it personal. Not as in, “Gee, don’t you care if hackers drain your bank account?” As in, “Don’t let some invisible bonehead dictate your cash flow.”
The Billionth Bit of Religious Security Advice is already out of the bag. I say we cap it at a billion and one. Remember: Don’t harm yourself.
Filed under: security, security soapbox