Donate for the Cryptome archive of files from June 1996 to the present

11 March 2015

The principles of data security design

Date: Wed, 11 Mar 2015 21:08:51 +0000
From: Peter Fairbrother <zenadsl6186[at]>
To: Ladar Levison <ladar[at]>, Cryptography Mailing List <cryptography[at]>
Subject: Re: [Cryptography] DIME // Pending Questions // Seeking Your Input

The principles of data security design:

First Principle: If data isn't collected, it can't be stolen.

Second Principle: Only people you trust can betray you. The rest are just out to get you.

Third Principle: Never underestimate the attention, risk, money and time that an opponent will put into reading traffic (Robert Morris).

Fourth Principle: Keep it simple. The more complex it is, the more places there are to attack.

Fifth Principle. Modes and choices are bad in crypto protocols, they give users choices they are not qualified to make. It's your job to be clever, not the user's.

Sixth Principle. a system that's hard to use either doesn't get used, or it gets misused. Good user interfaces are essential. Users don't RTFM, so don't expect them to.

Seventh Principle: Leaving holes to let "good governments" in will inevitably leave holes for others as well. (Jerry Leichter)

Eighth Principle: In code, assume nothing ever really goes away. (Jerry Leichter)