- C8 + C9
- C7 (RSA, El-Gammal, DH, AES)
- One time passwords
- Open design - Assume the attackers have the sources and the specs.
- Fail-safe defaults - Fail closed; no single point of failure. Fail by default.
- Least privilege - No more privileges than what is needed.
- Economy of mechanism - Keep it simple, stupid.
- Separation of privileges - Don’t permit an operation based on a single condition.