Problem 10: Crypto doesn’t make insecure platforms secure
Consider all the usual security problems (network break-ins, viruses, sendmail, users, etc.)
Even most “secure” platforms aren’t secure
- no way to destroy secrets (paging makes this harder)
- IPC & process management often leaks information (Unix env, WIN32 DLL monitors)
Easiest attacks rarely require attacking the things that are easiest to protect with crypto
Crypto does not address most security threats