My concluding day at RSA Conference, Europe began with a panel presentation entitled ‘Deploying Security for the Masses: Implementation Issues & Challenges’. Gilles Gravier moderated a productive discussion of the challenges in bringing security technologies to the real world. My fellow panelists Martin Boesgaard, Noam Ziv and Paul Wang offered a number of examples such as algorithm misuse and poor password selection, bringing up several cases where generally-secure but poorly-used algorithms led to security flaws — such as the improper generation of initialization vectors for RC4 in early versions of wireless LAN encryption. Paul mentioned one instance where employees of a company — upon receiving guidance on how to select stronger passwords — actually started using the example password suggested in the guidance…

Read more at blog@rsa.com (Burt Kaliski)

Tags: Computer security Systems